feat: add public filter for jwks (#327)

.docker/Dockerfile-alpine

@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.19
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D  -h /home/ory -s /bin/nologin; \

.docker/Dockerfile-build

@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine3.18 AS builder
+FROM golang:1.21-alpine3.19 AS builder
 
 RUN apk -U --no-cache add build-base git gcc bash
 
@@ -14,9 +14,9 @@ RUN go mod download
 
 ADD . .
 
-RUN go build -tags sqlite -o /usr/bin/ory
+RUN CGO_CFLAGS="-D_LARGEFILE64_SOURCE" go build -tags sqlite,json1 -o /usr/bin/ory
 
-FROM alpine:3.18
+FROM alpine:3.19
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D  -h /home/ory -s /bin/nologin; \

.github/workflows/ci.yaml

@@ -20,7 +20,7 @@ jobs:
       - uses: ory/ci/checkout@master
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.19"
+          go-version: "1.21"
       - run: |
           make test
         env:

.github/workflows/format.yml

@@ -11,7 +11,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: 1.21
       - run: make format
       - name: Indicate formatting issues
         run: git diff HEAD --exit-code --color

.github/workflows/licenses.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "1.18"
+          go-version: "1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "18"

.github/workflows/test-e2e.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "^1.19"
+          go-version: "^1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "16"
@@ -53,7 +53,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "^1.19"
+          go-version: "^1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "16"

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@v2
       - uses: actions/setup-go@v2
         with:
-          go-version: "^1.19"
+          go-version: "^1.21"
       - uses: actions/setup-node@v2
         with:
           node-version: "16"

Makefile

@@ -8,7 +8,7 @@ export GO111MODULE := on
 export PATH := .bin:${PATH}
 export PWD := $(shell pwd)
 
-GOLANGCI_LINT_VERSION = 1.54.2
+GOLANGCI_LINT_VERSION = 1.55.2
 
 GO_DEPENDENCIES = github.com/ory/go-acc \
 				  github.com/golang/mock/mockgen \

cmd/cloudx/client/client.go

@@ -17,8 +17,8 @@ import (
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
 
-	hydra "github.com/ory/hydra-client-go"
-	hydracli "github.com/ory/hydra/cmd/cliclient"
+	hydra "github.com/ory/hydra-client-go/v2"
+	hydracli "github.com/ory/hydra/v2/cmd/cliclient"
 	kratoscli "github.com/ory/kratos/cmd/cliclient"
 	"github.com/ory/x/cmdx"
 	"github.com/ory/x/flagx"
@@ -97,7 +97,7 @@ func ContextWithClient(ctx context.Context) context.Context {
 		conf := hydra.NewConfiguration()
 		conf.HTTPClient = &http.Client{
 			Transport: &bearerTokenTransporter{RoundTripper: c.StandardClient().Transport, bearerToken: ac.SessionToken},
-			Timeout:   time.Second * 10,
+			Timeout:   time.Second * 30,
 		}
 
 		consoleURL, err := url.ParseRequestURI(makeCloudConsoleURL(p.Slug + ".projects"))
@@ -123,7 +123,7 @@ func ContextWithClient(ctx context.Context) context.Context {
 					RoundTripper: c.StandardClient().Transport,
 					bearerToken:  ac.SessionToken,
 				},
-				Timeout: time.Second * 10,
+				Timeout: time.Second * 30,
 			},
 		}, nil
 	})

cmd/cloudx/client/form.go

@@ -78,6 +78,10 @@ func renderForm(stdin *bufio.Reader, pwReader passwordReader, stderr io.Writer,
 				continue
 			}
 
+			if strings.Contains(attrs.Name, "traits.details") {
+				continue
+			}
+
 			switch attrs.Type {
 			case "hidden":
 				continue

cmd/cloudx/client/handler.go

@@ -512,7 +512,7 @@ func (h *CommandHelper) ListProjects() ([]cloud.ProjectMetadata, error) {
 		return nil, err
 	}
 
-	projects, res, err := c.ProjectApi.ListProjects(h.Ctx).Execute()
+	projects, res, err := c.ProjectAPI.ListProjects(h.Ctx).Execute()
 	if err != nil {
 		return nil, handleError("unable to list projects", res, err)
 	}
@@ -531,7 +531,7 @@ func (h *CommandHelper) ListOrganizations(projectID string) (*cloud.ListOrganiza
 		return nil, err
 	}
 
-	organizations, res, err := c.ProjectApi.ListOrganizations(h.Ctx, projectID).Execute()
+	organizations, res, err := c.ProjectAPI.ListOrganizations(h.Ctx, projectID).Execute()
 	if err != nil {
 		return nil, handleError("unable to list organizations", res, err)
 	}
@@ -550,7 +550,7 @@ func (h *CommandHelper) CreateOrganization(projectID string, body cloud.Organiza
 		return nil, err
 	}
 
-	organization, res, err := c.ProjectApi.
+	organization, res, err := c.ProjectAPI.
 		CreateOrganization(h.Ctx, projectID).
 		OrganizationBody(body).
 		Execute()
@@ -572,7 +572,7 @@ func (h *CommandHelper) UpdateOrganization(projectID, orgID string, body cloud.O
 		return nil, err
 	}
 
-	organization, res, err := c.ProjectApi.
+	organization, res, err := c.ProjectAPI.
 		UpdateOrganization(h.Ctx, projectID, orgID).
 		OrganizationBody(body).
 		Execute()
@@ -594,7 +594,7 @@ func (h *CommandHelper) DeleteOrganization(projectID, orgID string) error {
 		return err
 	}
 
-	res, err := c.ProjectApi.
+	res, err := c.ProjectAPI.
 		DeleteOrganization(h.Ctx, projectID, orgID).
 		Execute()
 	if err != nil {
@@ -641,7 +641,7 @@ func (h *CommandHelper) GetProject(projectOrSlug string) (*cloud.Project, error)
 		}
 	}
 
-	project, res, err := c.ProjectApi.GetProject(h.Ctx, id.String()).Execute()
+	project, res, err := c.ProjectAPI.GetProject(h.Ctx, id.String()).Execute()
 	if err != nil {
 		return nil, handleError("unable to get project", res, err)
 	}
@@ -660,7 +660,7 @@ func (h *CommandHelper) CreateProject(name string, setDefault bool) (*cloud.Proj
 		return nil, err
 	}
 
-	project, res, err := c.ProjectApi.CreateProject(h.Ctx).CreateProjectBody(*cloud.NewCreateProjectBody(strings.TrimSpace(name))).Execute()
+	project, res, err := c.ProjectAPI.CreateProject(h.Ctx).CreateProjectBody(*cloud.NewCreateProjectBody(strings.TrimSpace(name))).Execute()
 	if err != nil {
 		return nil, handleError("unable to list projects", res, err)
 	}
@@ -752,7 +752,7 @@ func (h *CommandHelper) PatchProject(id string, raw []json.RawMessage, add, repl
 		patches = append(patches, cloud.JsonPatch{Op: "remove", Path: del})
 	}
 
-	res, _, err := c.ProjectApi.PatchProject(h.Ctx, id).JsonPatch(patches).Execute()
+	res, _, err := c.ProjectAPI.PatchProject(h.Ctx, id).JsonPatch(patches).Execute()
 	if err != nil {
 		return nil, err
 	}
@@ -800,6 +800,16 @@ func (h *CommandHelper) UpdateProject(id string, name string, configs []json.Raw
 		}
 	}
 
+	if _, found := interim["cors_admin"]; !found {
+		interim["cors_admin"] = map[string]interface{}{}
+	}
+	if _, found := interim["cors_public"]; !found {
+		interim["cors_public"] = map[string]interface{}{}
+	}
+	if _, found := interim["name"]; !found {
+		interim["name"] = ""
+	}
+
 	var payload cloud.SetProject
 	var b bytes.Buffer
 	if err := json.NewEncoder(&b).Encode(interim); err != nil {
@@ -816,14 +826,14 @@ func (h *CommandHelper) UpdateProject(id string, name string, configs []json.Raw
 	if name != "" {
 		payload.Name = name
 	} else if payload.Name == "" {
-		res, _, err := c.ProjectApi.GetProject(h.Ctx, id).Execute()
+		res, _, err := c.ProjectAPI.GetProject(h.Ctx, id).Execute()
 		if err != nil {
 			return nil, errors.WithStack(err)
 		}
 		payload.Name = res.Name
 	}
 
-	res, _, err := c.ProjectApi.SetProject(h.Ctx, id).SetProject(payload).Execute()
+	res, _, err := c.ProjectAPI.SetProject(h.Ctx, id).SetProject(payload).Execute()
 	if err != nil {
 		return nil, err
 	}
@@ -842,7 +852,7 @@ func (h *CommandHelper) CreateAPIKey(projectIdOrSlug, name string) (*cloud.Proje
 		return nil, err
 	}
 
-	token, _, err := c.ProjectApi.CreateProjectApiKey(h.Ctx, projectIdOrSlug).CreateProjectApiKeyRequest(cloud.CreateProjectApiKeyRequest{Name: name}).Execute()
+	token, _, err := c.ProjectAPI.CreateProjectApiKey(h.Ctx, projectIdOrSlug).CreateProjectApiKeyRequest(cloud.CreateProjectApiKeyRequest{Name: name}).Execute()
 	if err != nil {
 		return nil, err
 	}
@@ -861,7 +871,7 @@ func (h *CommandHelper) DeleteAPIKey(projectIdOrSlug, id string) error {
 		return err
 	}
 
-	if _, err := c.ProjectApi.DeleteProjectApiKey(h.Ctx, projectIdOrSlug, id).Execute(); err != nil {
+	if _, err := c.ProjectAPI.DeleteProjectApiKey(h.Ctx, projectIdOrSlug, id).Execute(); err != nil {
 		return err
 	}
 

cmd/cloudx/client/handler_test.go

@@ -358,7 +358,7 @@ func TestCommandHelper(t *testing.T) {
 			for _, w := range res.Warnings {
 				t.Logf("Warning: %s", *w.Message)
 			}
-			assert.Len(t, res.Warnings, 0)
+			assert.Len(t, res.Warnings, 1)
 		})
 	})
 }

cmd/cloudx/client/sdks.go

@@ -57,7 +57,7 @@ func makeCloudAPIsURL(prefix string) string {
 func NewKratosClient() (*oldCloud.APIClient, error) {
 	conf := oldCloud.NewConfiguration()
 	conf.Servers = oldCloud.ServerConfigurations{{URL: makeCloudConsoleURL("project")}}
-	conf.HTTPClient = &http.Client{Timeout: time.Second * 10}
+	conf.HTTPClient = &http.Client{Timeout: time.Second * 30}
 	if RateLimitHeader != "" {
 		conf.AddDefaultHeader("Ory-RateLimit-Action", RateLimitHeader)
 	}

cmd/cloudx/identity/list_test.go

@@ -23,28 +23,28 @@ func TestListIdentities(t *testing.T) {
 	t.Run("is not able to list identities if not authenticated and quiet flag", func(t *testing.T) {
 		configDir := testhelpers.NewConfigDir(t)
 		cmd := testhelpers.ConfigAwareCmd(configDir)
-		_, _, err := cmd.Exec(nil, "list", "identities", "--quiet", "--project", project)
+		_, _, err := cmd.Exec(nil, "list", "identities", "--quiet", "--project", project, "--consistency", "strong")
 		require.ErrorIs(t, err, client.ErrNoConfigQuiet)
 	})
 
 	for _, proc := range []string{"list", "ls"} {
 		t.Run(fmt.Sprintf("is able to %s identities", proc), func(t *testing.T) {
-			stdout, stderr, err := defaultCmd.Exec(nil, proc, "identities", "--format", "json", "--project", project)
+			stdout, stderr, err := defaultCmd.Exec(nil, proc, "identities", "--format", "json", "--project", project, "--consistency", "strong")
 			require.NoError(t, err, stderr)
 			out := gjson.Parse(stdout)
 			assert.True(t, gjson.Valid(stdout))
-			assert.Len(t, out.Array(), 1)
-			assert.Equal(t, userID, out.Array()[0].Get("id").String())
+			assert.Len(t, out.Get("identities").Array(), 1)
+			assert.Equal(t, userID, out.Get("identities").Array()[0].Get("id").String(), out.Raw)
 		})
 	}
 
 	t.Run("is able to list identities after authenticating", func(t *testing.T) {
 		cmd, r := testhelpers.WithReAuth(t, defaultEmail, defaultPassword)
-		stdout, stderr, err := cmd.Exec(r, "ls", "identities", "--format", "json", "--project", project)
+		stdout, stderr, err := cmd.Exec(r, "ls", "identities", "--format", "json", "--project", project, "--consistency", "strong")
 		require.NoError(t, err, stderr)
 		assert.True(t, gjson.Valid(stdout))
 		out := gjson.Parse(stdout)
-		assert.Len(t, out.Array(), 1)
-		assert.Equal(t, userID, out.Array()[0].Get("id").String())
+		assert.Len(t, out.Get("identities").Array(), 1)
+		assert.Equal(t, userID, out.Get("identities").Array()[0].Get("id").String(), out.Raw)
 	})
 }

cmd/cloudx/oauth2/client.go

@@ -6,7 +6,7 @@ package oauth2
 import (
 	"github.com/spf13/cobra"
 
-	hydra "github.com/ory/hydra/cmd"
+	hydra "github.com/ory/hydra/v2/cmd"
 )
 
 func NewCreateOAuth2Client() *cobra.Command {

cmd/cloudx/oauth2/flows.go

@@ -6,7 +6,7 @@ package oauth2
 import (
 	"github.com/spf13/cobra"
 
-	hydra "github.com/ory/hydra/cmd"
+	hydra "github.com/ory/hydra/v2/cmd"
 )
 
 func NewPerformAuthorizationCode() *cobra.Command {

cmd/cloudx/oauth2/jwks.go

@@ -6,15 +6,18 @@ package oauth2
 import (
 	"github.com/spf13/cobra"
 
+	"github.com/ory/kratos/cmd/cliclient"
+
 	"github.com/ory/cli/cmd/cloudx/client"
-	hydra "github.com/ory/hydra/cmd"
+	hydra "github.com/ory/hydra/v2/cmd"
 	"github.com/ory/x/cmdx"
 )
 
 func wrapHydraCmd(newCmd func() *cobra.Command) *cobra.Command {
 	c := newCmd()
 	client.RegisterProjectFlag(c.Flags())
 	cmdx.RegisterFormatFlags(c.Flags())
+	cliclient.RegisterClientFlags(c.Flags())
 	return c
 }
 

cmd/cloudx/oauth2/token.go

@@ -6,7 +6,7 @@ package oauth2
 import (
 	"github.com/spf13/cobra"
 
-	hydra "github.com/ory/hydra/cmd"
+	hydra "github.com/ory/hydra/v2/cmd"
 )
 
 func NewDeleteAccessTokens() *cobra.Command {