Skip to main content
Version: v1.8

Milestones and Roadmap

next#

This milestone does not have a description.

Feat#

New feature or request.

Issues#

Rfc#

A request for comments to discuss and share ideas.

Issues#

v1.8.1#

This milestone does not have a description.

Bug#

Something is not working.

Issues#

  • Report expired JWT assertion token to client (hydra#2066)
  • Slow consent revocation request (hydra#1997)

Pull Requests#

Feat#

New feature or request.

Issues#

Pull Requests#

  • perf: add (client_id, subject) index to access and refresh tables to improve revocation performance (hydra#2001) - @hackerman

Docs#

Affects documentation.

Issues#

Pull Requests#

  • docs: remove introspect security spec (hydra#2002)

Blocking#

Blocks milestones or other issues or pulls.

Pull Requests#

Ci#

Affects Continuous Integration (CI).

Pull Requests#

v1.9.0#

This milestone does not have a description.

Bug#

Something is not working.

Issues#

  • client_id case sensitivity is not properly enforced when using MySQL (hydra#1644) - @Patrik
  • Introspection Response: access_token and refresh_token are not valid token_type (hydra#1762)
  • Make cookies with SameSite=None secure by default or using the configuration flag (hydra#1844)
  • RSA key generation is slow on ARM (hydra#1989)
  • loginRequest.requested_access_token_audience should not be null (hydra#2039)
  • Consider customizing 'azp' and 'aud' claims in ID Tokens (hydra#2042)
  • Redirect URI should be able to contain plus (+) character (hydra#2055)

Feat#

New feature or request.

Issues#

  • consent: Improve remember for consent (hydra#1006)
  • [Feature] Enhance Security Middleware (hydra#1029)
  • Add API versioning for administrative APIs (hydra#1050)
  • consent: Allow removing tokens without revoking consent (hydra#1142) - @hackerman
  • OAuth Client authentication creation CLI jwks client field not present (hydra#1404)
  • Add oAuth2Client to logoutRequest similar to loginRequest. (hydra#1483)
  • Add a way to filter/sort the list of clients (hydra#1485) - @hackerman
  • Remove "not before" claim "nbf" from JWT access token (hydra#1542)
  • No way to handle 409 GetLoginRequestConflict. (hydra#1569) - @Patrik
  • Auth session cannot be prolonged even if the user is active (hydra#1690)
  • Migrate to gobuffalo/pop (hydra#1730) - @Patrik
  • Rename DEPRECATED_HIERARCHICAL_SCOPE_STRATEGY (hydra#1760) - @hackerman
  • CLI Migration Down (hydra#1763)
  • Move to go-jose key generation (hydra#1825)
  • Make cookies with SameSite=None secure by default or using the configuration flag (hydra#1844)
  • Split HTTPS handling for public/admin (hydra#1962)
  • Token claims customization with Jsonnet (hydra#1748) - @hackerman
  • Update clients from cli (hydra#2020)
  • Find out if a login/consent challenge is still valid (hydra#2057)
  • cmd: Add upsert command for client CLI (hydra#1086) - @hackerman
  • oauth2: Make cleaning up refresh and authz codes possible (hydra#1130) - @hackerman
  • Add endpoint to Admin API to revoke access tokens (hydra#1728)
  • issueLogoutVerifier should allow POST requests as well (hydra#1993)
  • Expired token is considered an error (hydra#2031)
  • Automatically set GOMAXPROCS according to linux container cpu quota (hydra#2033)
  • Prometheus endpoint should not require x-forwarded-proto header (hydra#2072)

Rfc#

A request for comments to discuss and share ideas.

Issues#

  • Split HTTPS handling for public/admin (hydra#1962)