Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

Version 2 of this package is not installable, as it's not published according to go's requirements (https://go.dev/blog/v2-go-modules).

...major version of a module must have a different module path than the previous version. Starting with v2, the major version must appear at the end of the module path (declared in the module statement in the go.mod file).

I think the fix will be as simple as updating the module in

Reproducing the bug

cameron@...
❯ go get -u github.com/ory/[email protected]
go get: github.com/ory/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/ory/hydra-client-go/v2")
↩ 1 (ERROR)
cameron@...
❯ go get -u github.com/ory/hydra-client-go/v2
go get: module github.com/ory/hydra-client-go@upgrade found (v1.11.8), but does not contain package github.com/ory/hydra-client-go/v2
↩ 1 (ERROR)

Relevant log output

No response

Relevant configuration

No response

Version

Upgrading from v1.11.8 to v2.0.1

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Kubernetes

Additional Context

No response

Hi,

I've got a problem with the client library, because I don't see the option to perform client_credentials flow:

/oauth2/token POST
payload
grant_type:client_credentials
client_id:micro-service-client
client_secret:micro-service-secre

Could you tell me is it possible somehow to do this with the current client version?
If not I am happy to contribute to this project and provide the implementation.

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

The HasMetadata() function in OAuth2Client isn't working right. It should tell us with a true if there's stuff in the Metadata field. But, it's doing the opposite. It's supposed to say true when there's something in Metadata, not when it's empty.

Reproducing the bug

1. Start by creating an OAuth2Client instance with some data in the Metadata field. For example:

client := OAuth2Client{
    Metadata: &Metadata{ /* Assume this is correctly initialized with data */ },
}

2. Next, call the HasMetadata() method on this instance to check if the metadata is considered set:

hasMeta := client.HasMetadata()

3. Check the result of hasMeta. Despite having filled the Metadata field in step 1, you'll surprisingly find hasMeta is false.

fmt.Println("Does client have metadata:", hasMeta) // Expected: true, Actual: false

Relevant log output

No response

Relevant configuration

No response

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

Obvious bug in the current implementation:

func (o *OAuth2Client) HasMetadata() bool {
	if o != nil && IsNil(o.Metadata) {
		return true
	}

	return false
}

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

id_token_hint_claims type is different from hydra server.

Definition at hydra-client-go.
https://github.com/ory/hydra-client-go/blob/v1.11.8/model_open_id_connect_context.go#L25

IdTokenHintClaims map[string]map[string]interface{} `json:"id_token_hint_claims,omitempty"`

Definition at hydra server response type.
https://github.com/ory/hydra/blob/v1.11.8/consent/types.go#L404

IDTokenHintClaims map[string]interface{} `json:"id_token_hint_claims,omitempty"`

But it seems internal client at hydra is OK.
https://github.com/ory/hydra/blob/v1.11.8/internal/httpclient/models/open_id_connect_context.go#L43

IDTokenHintClaims interface{} `json:"id_token_hint_claims,omitempty"`

Reproducing the bug

1. Start authorization code flow with id_token_hint parameter.
2. Get login request using login challenge fails because unmarshal error

Relevant log output

json: cannot unmarshal string into Go struct field OpenIDConnectContext.oidc_context.id_token_hint_claims of type map[string]interface {}

Relevant configuration

No response

Version

v1.11.8

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

This issue is occurred from v1.11.4.
It seems v1.10.6 is OK.
https://github.com/ory/hydra-client-go/blob/v1.10.6/models/open_id_connect_context.go#L43

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

It looks like the LICENSE file was removed (along with other useful resources such as the contributing guide/code of conduct) in this commit: a98bdcd

Reproducing the bug

Git checkout the repo, check the LICENSE is not available in the main branch.

Relevant log output

No response

Relevant configuration

No response

Version

n/a

On which operating system are you observing this issue?

No response

In which environment are you deploying?

No response

Additional Context

No response

I want to use this repo

I don't know how to deal with JSONRawMessage type. The code in the model is

// JSONRawMessage JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.
//
// swagger:model JSONRawMessage
type JSONRawMessage interface{}

What is actually there? Can I be sure that there is json.RawMessage in the interface? Why not use that instead of empty interface?

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

When I'm using the SDK to revoke a token, I'm getting .

Reproducing the bug

1. Create an Echo endpoint to revoke a token:

func RevokeTokenHandler(c echo.Context) error {
        // ... code snippet

	_, err := apiClient.OAuth2API.
		RevokeOAuth2Token(requestCtx).
		ClientSecret(payload.ClientSecret).
		ClientId(payload.ClientId).
		Token(payload.Token).
		Execute()

	if err != nil {
		fmt.Println(err.Error())
		return err
	}

	return nil
}

2. Send POST request to the endpoint with JSON data:

{
	"clientId": "<reducted>",
	"clientSecret": "<reducted>",
	"token": "ory_at_<reducted>"
}

Relevant log output

{"time":"2024-03-04T15:49:36.170649869+08:00","id":"","remote_ip":"::1","host":"localhost:8080","method":"POST","uri":"/au/auth/token/revoke","user_agent":"insomnia/2023.5.8","status":500,"error":"json: cannot unmarshal object into Go struct field _ErrorOAuth2.error of type string","latency":2573077,"latency_human":"2.573077ms","bytes_in":211,"bytes_out":36}

Relevant configuration

services:
  hydra:
    image: oryd/hydra:v2.2.0
    container_name: hydra
    ports:
      - 5444:4444
      - 5445:4445
      - 5555:5555
    environment:
      - SECRETS_SYSTEM=grantwardishydra
      - URLS_SELF_ISSUER=http://localhost:4444
      - URLS_LOGIN=http://localhost:9020/login
      - URLS_LOGOUT=http://localhost:9020/logout
      - URLS_CONSENT=http://localhost:9020/consent
      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable
    command: serve all --dev
    restart: unless-stopped
    depends_on:
      - postgres
      - hydra-migrate
    networks:
      - backend

  hydra-migrate:
    image: oryd/hydra:v2.2.0
    container_name: hydra-migrate
    environment:
      - DSN=postgres://hydra:secret@postgres:5432/hydra?sslmode=disable
    command: migrate sql -e --yes
    restart: on-failure
    depends_on:
      - postgres
    networks:
      - backend

  hydra-consent:
    image: oryd/hydra-login-consent-node:v2.2.0
    container_name: hydra-consent
    ports:
      - 9020:3000
    environment:
      - HYDRA_ADMIN_URL=http://hydra:4445
    restart: unless-stopped
    networks:
      - backend

  postgres:
    image: postgres
    container_name: hydra-db
    restart: always
    ports:
      - 5432:5432
    environment:
      - POSTGRES_DB=hydra
      - POSTGRES_USER=hydra
      - POSTGRES_PASSWORD=secret
    networks:
      - backend

networks:
  backend:
    name: hydra-net

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

v1 is till a dependency. Below is part of the go.mod file. As you can see github.com/ory/hydra-client-go v1.11.8 is required.

module github.com/ory/hydra-client-go/v2

go 1.17

require (
	github.com/ory/hydra-client-go v1.11.8
	github.com/stretchr/testify v1.8.4
	golang.org/x/oauth2 v0.17.0
)

Reproducing the bug

open go.mod file. refer to above description section

Relevant log output

No response

Relevant configuration

No response

Version

v2.2.0

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

Please remove the entry from go.mod file

Can you draft true releases on Github rather then just using tags?

Thank you,

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

We use IntrospectOAuth2Token HydraAdmin API to validate our access token. We fetch the user details from the token. We use MySQL with hydra client. Whenever due to failover or connections limit gets exceeded or any other MySQL Downtime error IntrospectOAuth2Token returns a nonerror state with an empty struct for a correct token. So our system understands that it is an invalid token and our system logs the user out. Instead of this we need an error state so that we can show an error state to the end user.,

Reproducing the bug

1. Generate a valid access token.
2. Manually kill Mysql while the application is still running.
3. Call IntrospectOAuth2Token with the valid token generated in step 1.
4. Response does not contain any error state. Although we see in debug logs that there has been a fatal on MySql.

Relevant log output

Below is the response when mysql is down and we call IntrospectOAuth2Token with a correct token.

[POST /oauth2/introspect][200] introspectOAuth2TokenOK  &{Active:0xc0000a6430 Aud:[] ClientID: Exp:0 Ext:<nil> Iat:0 Iss: Nbf:0 ObfuscatedSubject: Scope: Sub: TokenType: TokenUse: Username:}"

Relevant configuration

No response

Version

github.com/ory/hydra-client-go v1.9.2

On which operating system are you observing this issue?

Other

In which environment are you deploying?

Docker

Additional Context

No response

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

It's type "access_token": map[string]map[string]interface{} when the API docs suggest it is "access_token": map[string]interface{}

is this correct?

access_token : {
                        uid : {uid : datax.context.uid}
                    }

Reproducing the bug

it should be

access_token : {
                       uid : datax.context.uid
                   }

Relevant log output

No response

Relevant configuration

No response

Version

Hydra v2.2.0-rc.3!

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

The current version of the client (v2.0.3) doesn't reflect api changes from https://github.com/ory/hydra/releases/tag/v2.0.3 - specifically client_id and client_secret were added to the request body of RevokeOAuth2Token but aren't available in the client.

I need to revoke OAuth tokens for a public OIDC client and can't with the current version of this client.

Can the openapi client be regenerated to pick up this change? Thanks!

Reproducing the bug

Relevant log output

No response

Relevant configuration

No response

Version

v2.0.3

On which operating system are you observing this issue?

None

In which environment are you deploying?

None

Additional Context

No response

i am trying to accept consent request but i keep. getting the following error

resp, err :=  worker.Admin.AcceptConsentRequest(&admin.AcceptConsentRequestParams{
		 Body:             &models.AcceptConsentRequest{
			 GrantScope:               scopes,
			 Remember:                 remember,
		 },
		 ConsentChallenge: challenge,
		 Context:          ctx,

	 })

it fails with the following response..
response status code does not match any response statuses defined for this endpoint in the swagger spec (status 400): {}

in hydra logs i get

level=error msg="An error occurred while handling a request" code=400 debug= details="map[]" error="json: unknown field \"handled_at\"" reason= request-id= status=

i updated hydra and now the error says

ERROR: column "handled_at" of relation "hydra_oauth2_consent_request_handled" does not exist (SQLSTATE 42703) StatusCode:500}
exit status 1

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

So, I'm not sure if I should report this here, as it's very minor, but if a request to OidcApiService (or probably most the APIs) fails due to a timeout or failure in dns resolving or connection refused or whatever, thus not returning a body, the error reported from the API client is

json: cannot unmarshal object into Go struct field ErrorOAuth2.error of type string

I feel like this could be greatly improved upon by simply checking the type of the error returned, or even reading the response into a buffer and checking its length before decoding - it would be nice to have a less nonsensical error message here, makes it a lot easier to debug when things fail!

Reproducing the bug

Use the SDK (I'm currently on "github.com/ory/client-go" v1.1.21), set it up towards a non-existent host - the specific call that fails for me is most often:

oryClient.OidcApi.DiscoverOidcConfiguration(oryClient.AuthCtx(ctx)).Execute()

and watch the magic unfold!

Relevant log output

2023-03-15 17:57:35.848 [    info] auth-sidecar.auth-sidecar-service-server (leafId=auth-sidecar-service-server, service.env=LOCAL, service.name=auth-sidecar, service.type=go, service.version=web@2914:257e1d77ba1c214e1b66331c9faf6899034ddfc4:origin/feat/grpc-keto) Unable to setup ory client: json: cannot unmarshal object into Go struct field ErrorOAuth2.error of type string, falling back to mock client
2023-03-15 17:57:35.929 [    info] auth-sidecar.auth-sidecar-service-server (leafId=auth-sidecar-service-server, service.env=LOCAL, service.name=auth-sidecar, service.type=go, service.version=web@2914:257e1d77ba1c214e1b66331c9faf6899034ddfc4:origin/feat/grpc-keto) Unable to setup ory client: json: cannot unmarshal object into Go struct field ErrorOAuth2.error of type string, falling back to mock client
2023-03-15 17:57:36.023 [    info] auth-sidecar.auth-sidecar-service-server (leafId=auth-sidecar-service-server, service.env=LOCAL, service.name=auth-sidecar, service.type=go, service.version=web@2914:257e1d77ba1c214e1b66331c9faf6899034ddfc4:origin/feat/grpc-keto) Unable to setup ory client: json: cannot unmarshal object into Go struct field ErrorOAuth2.error of type string, falling back to mock client

### Relevant configuration

```yml
I'm using ory cloud right now, so it's whatever we set up there, I don't think it's particularly relevant :)

Version

v1.1.21

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Ory Network

Additional Context

I think that's most of it, it should be fairly straightforward to fix, I think. Unless, of course, it's caused by the OpenAPI generator, which it very well might be!

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

The model for the accept consent session request seems incorrect -

https://github.com/ory/hydra-client-go/blob/master/model_consent_request_session.go#L23

It's type "idToken": map[string]map[string]interface{} when the API docs suggest it is "idToken": map[string]interface{}

The JS (node) api also sends an object of key: string, value: any. The dart api also has a similar mapping, but of String: JSONObject.

I can't find any suitable examples of what the body should be..

is this correct?

idToken: {
  email: { email: "[email protected]" },
  name: { name: "foo bar" },
}

The openapi consumer crashes

Reproducing the bug

Create a login session/ consent

Relevant log output

No response

Relevant configuration

No response

Version

1.11.7

On which operating system are you observing this issue?

No response

In which environment are you deploying?

Kubernetes

Additional Context

No response