DATE:
AUTHOR: Ory Team

Ory Kratos v1.1.0

Ory Kratos v1.1 is the most complete, most scalable, and most secure open-source identity server on the planet, and we are thrilled to announce its release! This release comes with over 270 commits and an incredible amount of new features and capabilities!

Highlights

Enhanced Security and User Verification

  • Phone Verification & 2FA with SMS: Add phone verification and two-factor authentication (2FA) via SMS, integrating easily with SMS gateways like Twilio. This feature adds a convenient layer of security and offers a straightforward method for user verification, increasing your trust in user accounts.

Improved User Experience with Translations and Native Support

  • Translations & Internationalization: Ory Kratos now supports multiple languages, making it accessible to a global audience. This improvement enhances the user experience by providing a localized interface, ensuring users interact with the system in their preferred language.

  • Native Support for Sign in with Google and Apple on Android/iOS: Get more sign-ups with native support for "Sign in with Google" and "Sign in with Apple" on mobile platforms. Great user experience matters!

Simplifying User Management

  • Account Linking: Simplify user management with new features that facilitate account linking. If a user registers with a password and later signs in with a social account sharing the same email, new screens make account linking straightforward, enhancing user convenience and reducing support inquiries.

  • Passwordless "Magic Code": Introduce a passwordless login method with "Magic Code," which sends a one-time code to the user's email for sign-up and login. This method can also serve as a fallback when users forget their password or their social login is unavailable, streamlining the login process and improving user accessibility.

  • Session to JWT Conversion: Convert an Ory Session Cookie or Ory Session Token into a JSON Web Token (JWT), providing more flexibility in handling sessions and integrating with other systems. This feature allows for seamless authentication and authorization processes across different platforms and services.

Note: To ensure a seamless upgrade experience with minimal impact, some of these features are gated behind the feature_flags config parameter, allowing controlled deployment and testing.

Shipped on Ory Network

The following features have been shipped exclusively to Ory Network for this version:

  • B2B SSO allows your customers to connect their LDAP / Okta / AD / … to your login. Ory selects the correct login provider based on the user’s email domain.

  • Significantly better API performance for expensive API operations by specifying the desired consistency (strong, eventual).

  • Finding users effortlessly with our new fuzzy search for credential identifiers available for the Identity List API.

Detailed improvements

  • Better reliability when sending out emails across different providers.

  • Streamlining the HTTP API and improving related SDK methods.

  • Better performance when calling the whoami API endpoint, updating identities, and listing identities.

  • The performance of listing identities has significantly improved with the introduction of keyset pagination. Page pagination is still available but will be fully deprecated soon.

  • Ability to list multiple identities in a batch call.

  • Passkeys and WebAuthn now support multiple origins, useful when working with subdomains.

  • The logout flow now redirects the user back to the return_to parameter set in the API call.

  • When updating their settings, the user was sometimes incorrectly asked to confirm the changes by providing their password. This issue has now been fixed.

  • When signing up with an account that already exists, the user will be shown a hint helping them sign in to their existing account.

  • CORS configuration can now be hot-reloaded.

  • The integration with Ory OAuth2 / Ory Hydra has improved for logout, login session management, verification, and recovery flows.

  • A new passwordless method has been added: "Magic code". It sends a one-time code to the user's email during sign-up and log-in. This method can additionally be used as a fallback login method when the user forgets their password.

  • Integration with social sign-in has improved, and it is now possible to use the email verified status from the social sign-in provider.

  • Ory Elements and the default Ory Account Experience are now internationalized with translations.

  • It is now possible to convert an Ory Session Cookie or Ory Session Token into a JSON Web Token.

  • Recovery on native apps has improved significantly and no longer requires the user to switch to a browser for the recovery step.

  • Administrators can now find users by their identifiers with fuzzy search - this feature is still in preview.

  • Importing HMAC-hashed passwords is now possible.

  • Webhooks can now update identity admin metadata.

  • New screens have been added to make account linking possible when a user has registered with a password and later tries signing in with a social account sharing the same email.

  • Ability to revoke all sessions of a user when they change their password.

  • Webhooks are now available for all login, registration, and login methods, including Passkeys, TOTP, and others.

  • The login screen no longer shows “ID” for the primary identifier, but instead extracts the correct label (for example, “Email” or “Username”) from the Identity Schema.

  • Login hints help users with guidance when they are unable to sign in (wrong social sign-in provider) but have an active account.

  • Phone numbers can now be verified via an SMS gateway like Twilio.

  • SMS OTP is now a two-factor option.
