Release Notes March 2022

Ory Cloud is making a huge leap forward. With this release, we are proud to introduce 1:1 API and configuration compatibility between Ory Cloud and self-hosting Ory components.

We are excited to announce that Ory Cloud now has the full feature capabilities you know from self-hosting Ory components, including:

  1. Webhooks
  2. Custom E-Mail templates
  3. Social Sign In
  4. Password policies
  5. Disabling registration

And we have more exciting features in store for you to discover! Including importing users, performing passwordless flows, being able to manage Ory Cloud Projects from the Ory CLI, and more!


Ory's CLI is now able to manage Ory Cloud Projects easily. Let's say you want to disable registration:

ory patch project <project-id> \
  --replace '/services/identity/config/selfservice/methods/password/enabled=false'


You can now configure webhooks for Ory Cloud projects. This feature is currently only available through the API / CLI.

Social sign-in

You can now enable social sign-in with Google, Facebook, Microsoft and GitHub in Ory Cloud Console! You can find the feature in your Dashboard >> Social Sign-in.

We will continue to add social sign-in providers to Console. In the meantime, you can also add whichever provider you need or prefer through a Generic Provider, also via the UI. This will work for any provider that is OpenID Connect compliant.

Revoke Sessions on Recovery

It is now possible to revoke all sessions of a user when the user recovers their account. This feature is currently only available through the API / CLI.

Password Policies

It is now possible to configure your password policy. For example, you can set the minimum length of passwords, disable the identifier/password similarity check, and configure the policy preventing the use of known leaked passwords. This feature is currently only available through the API / CLI.


Ory now supports passwordless registration and login using WebAuthn (TouchID, FaceID, YubiKey, ...)! To try out passwordless WebAuthn, enable it using the Ory CLI:

ory patch project <project-id> \
  --add '/services/identity/config/selfservice/methods/webauthn/enabled=true' \
  --add '/services/identity/config/selfservice/methods/webauthn/config/passwordless=true'

This feature is currently only available through the API / CLI.


We are moving towards a unified Ory SDK which is already available for most programming languages. In the future, all cloud and self-hosted services will use the unified Ory SDK to interact with their APIs.

Please update your SDKs from kratos-client to ory-client

Importing Identities

Ory now supports importing identities with credentials (e.g. passwords or social sign in connections).

Technical Advisories

Technical advisories help you navigate regressions or breaking changes. Please read them with care.

URL Pattern Changes

There are exciting new features in the pipeline for Ory Cloud! In particular, we are introducing 1:1 compatibility between Ory Cloud and Ory Self-Hosted. APIs, SDKs, and configuration will have full compatibility between the two variants. Features exclusive to Ory Cloud (e.g. billing, team invites) will remain untouched.

As part of this change, we have restructured the API routing. And all "legacy" routes will continue to work. In particular, the prefixes /api/kratos have been stripped. What was


previously is now


All future services, such as permissioning, will be exposed at the same level. This change introduces full compatibility between the "self-hosted" and Ory Cloud SDKs, which will soon merge into one global Ory SDK.

While old SDKs will continue to work, some integrations may rely on the paths to identify the request as an Ory request. If you are checking for these URLs, please be advised that this will no longer work.

Please be aware that some of our own tooling is also affected by this change. Therefore, please update:

  • The NPM package @ory/integrations to version >= v0.2.5
  • The Ory CLI to version >= v0.1.25
  • The Ory SDK to version >= v0.0.1-alpha.130

Social Sign In Regression

In case you already set up Social Sign In, please update your application's redirect URLs:

- https://<project><provider-id>
+ https://<project><provider-id>