Techly NewsGet the app

Get the latest tech news

Show HN: Identifier First Auth and OTP MFA for Open Source Auth0 Alternative Ory


We are thrilled to announce the release of Ory Kratos v1.3.0! This release includes significant updates, enhancements, and fixes to improve your experience with Ory Kratos. Enhance your sign-in ex...

This feature allows users to first identify themselves (e.g., by providing their email or username) and then proceed with the chosen authentication method, whether it be OTP code, passkeys, passwords, or social login. The enhancements ensure a smoother flow when using OTP for multi-factor authentication (MFA), providing clearer guidance to users and improving fallback mechanisms. 123e807 Merge commit from fork 2d60772 Update .github/workflows/ci.yaml 4e25ce9 autogen(docs): generate and bump docs 276fb51 autogen(docs): regenerate and update changelog 7840335 autogen(docs): regenerate and update changelog aa48c6b autogen(docs): regenerate and update changelog 4e2902c autogen(docs): regenerate and update changelog 4f4394c autogen(docs): regenerate and update changelog 5b251c0 autogen(docs): regenerate and update changelog 014be39 autogen(docs): regenerate and update changelog 2a6e220 autogen(docs): regenerate and update changelog 45bbec4 autogen(docs): regenerate and update changelog 1146599 autogen(docs): regenerate and update changelog 702e1e8 autogen(docs): regenerate and update changelog d72f456 autogen(docs): regenerate and update changelog ff90216 autogen(docs): regenerate and update changelog e451b74 autogen(docs): regenerate and update changelog 3db4256 autogen(docs): regenerate and update changelog 358521a autogen(docs): regenerate and update changelog 7674f46 autogen(docs): regenerate and update changelog 198e79b autogen(docs): regenerate and update changelog fa2da75 autogen(docs): regenerate and update changelog 7e7fdc2 autogen(docs): regenerate and update changelog 78bc473 autogen(docs): regenerate and update changelog def6225 autogen(docs): regenerate and update changelog 630c487 autogen(docs): regenerate and update changelog 4547e8b autogen(openapi): regenerate swagger spec and internal client 369aad4 autogen(openapi): regenerate swagger spec and internal client bcffb65 autogen(openapi): regenerate swagger spec and internal client 7f20adc autogen(openapi): regenerate swagger spec and internal client c910b4e autogen(openapi): regenerate swagger spec and internal client 7df3d56 autogen(openapi): regenerate swagger spec and internal client 020a9de autogen(openapi): regenerate swagger spec and internal client 8bd742f autogen(openapi): regenerate swagger spec and internal client b27e84b autogen(openapi): regenerate swagger spec and internal client b29dff3 autogen(openapi): regenerate swagger spec and internal client 278d8e0 autogen(openapi): regenerate swagger spec and internal client 30dd9c0 autogen(openapi): regenerate swagger spec and internal client bac030b autogen(openapi): regenerate swagger spec and internal client 1d9ef41 autogen(openapi): regenerate swagger spec and internal client ba0f30d autogen: add v1.2.0 to version.schema.json 0a49fd0 autogen: pin v1.3.0 release commit 72aae5b autogen: pin v1.3.0-pre.0 release commit de70e43 chore(deps): bump body-parser and express in /test/e2e/proxy (#4093) 74fd787 chore(deps): bump express from 4.18.2 to 4.20.0 in /test/e2e/proxy (#4095) ba2aac5 chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 (#4075) 7d6a458 chore(deps): bump serve-static and express in /test/e2e/proxy (#4091) 0213ed9 chore: add kubescape image scanner (#3947) dbe9d10 chore: add missing text message fields (#4066) 4fb28b3 chore: align internal SDK with published SDK (#4019) 6129ec8 chore: bump dependencies (#4017) 54cb464 chore: don't return allowed return URLs (#4044) a84fb3f chore: improve courier logging (#3985) 5830ffb chore: improve tracing for selfservice strategies (#4061) 1bc4dc5 chore: move b2b config to selfservice section (#3949) f125f7f chore: re-add WithIdentifier (#3992) 9aefc0a chore: refactor API in package cipher for easier dependency injection (#4103) 5d8e327 chore: regenerate SDK 4ace176 chore: regenerate SDK and format code 3260550 chore: regenerate config types 2ad0ed9 chore: remove max length b7102c8 chore: rename one_step to unified 0dec428 chore: sdk+ci (#4088) 5592029 chore: update CI, dependencies, and some inaccurate assertions (#4085) 671368d chore: update newsletter link (#4011) 9894d0a chore: update repository templates to ory/meta@ 297c8a5 9001c44 chore: update repository templates to ory/meta@ 3cf0f00 5d372a3 chore: update repository templates to ory/meta@ 4132def b0a8a3b chore: update repository templates to ory/meta@ 939b80f 5c650ce chore: update repository templates to ory/meta@ 95e82c6 7945104 chore: update repository templates to ory/meta@ fe4ffe0 2800fcd chore: updated snapshots and clean up f7c38f0 chore: upgrade dockertest to address cve (#4038) aa7f958 chore: upgrade goreleaser to v2 (#4123) a702fdf chore: use correct import 180287a chore: use label in link/unlink settings nodes (#3977) e3f1da0 deps: update Code QL action to v2 (#4008) 955bd8f docs: add google to supported providers in ID Token doc strings (#4026) c508980 docs: typo in changelog 0150795 feat(sdk): add missing profile discriminator to update registration dd6e53d feat(sdk): avoid eval with javascript triggers 735fc5b feat: add additional messages 7b636d8 feat: add browser return_to continue_with action 612e3bf feat: add if method to sdk 99c945c feat: add redirect to continue_with for SPA flows 5f4a2bf feat: add social providers to credential discovery as well 3bf1ca9 feat: add support for Salesforce as identity provider (#4003) 8225e40 feat: add tests for two step login (#3959) a43cef2 feat: allow deletion of an individual OIDC credential (#3968) 4ba7033 feat: allow partially failing batch inserts (#4083) 42ade94 feat: better detection if credentials exist on identifier first login (#3963) 2cd8483 feat: change method=profile:back to screen=previous(#4119) af5ea35 feat: clarify session extend behavior (#3962) f7c1024 feat: client-side PKCE take 3 (#4078) 20156f6 feat: emit events in identity persister (#4107) eb97243 feat: enable new-style OIDC state generation (#4121) 1bdc19a feat: identifier first auth 638b274 feat: identifier first login for all first factor login methods 4e3fad4 feat: improve session extend performance (#3948) c9d5573 feat: password migration hook (#3978) 89355d8 feat: separate 2fa refresh from 1st factor refresh (#3961) 51042d9 feat: set maxlength for totp input b0111d4 fix(security): code credential does not respect highest_available setting 2c7ff3c fix: add PKCE config key to config schema (#4098) e0a4010 fix: add continue with only for json browser requests (#4002) d26f204 fix: add fallback to providerLabel (#3999) 7597bc6 fix: add missing JS triggers 340f698 fix: batch identity created event (#4111) 6ceb2f1 fix: concurrent map update for webhook header (#4055) 6ab2637 fix: do not populate id_first first step for account linking flows (#4074) 4d1954a fix: downgrade go-webauthn (#4035) 76af303 fix: emit SelfServiceMethodUsed in SettingsSucceeded event (#4056) ddb838e fix: filter web hook headers (#4048) 2b4a618 fix: improve OIDC account linking UI (#4036) 122b63d fix: include duplicate credentials in account linking message (#4079) 3215792 fix: incorrect append of code credential identifier (#4102) 7c5299f fix: jsonnet timeouts (#3979) b5a66e0 fix: move password migration hook config (#3986) c417b4a fix: normalize code credentials and deprecate via parameter ad1acd5 fix: passthrough correct organization ID to CompletedLoginForWithProvider (#4124) 50deedf fix: password migration hook config (#4001) 6016cc8 fix: pw migration param (#3998) 81bc152 fix: refactor internal API to prevent panics (#4028) 310a405 fix: remove flows from log messages (#3913) 04850f4 fix: replace submit with continue button for recovery and verification and add maxlength f949173 fix: return credentials in FindByCredentialsIdentifier (#4068) 98140f2 fix: return error if invalid UUID is supplied to ids filter (#4116) 9a1f171 fix: timestamp precision on mysql 192f10f fix: transient_payload is lost when verification flow started as part of registration (#3983) ad5fb09 fix: trigger oidc web hook on sign in after registration (#4027) 8350625 fix: typo in login link CLI error messages (#3995) 32737dc fix: validate page tokens for better error codes (#4021) ff6ed5b fix: whoami latency (#4070) 37781a9 test: add form hydration tests for code login 633b0ba test: add form hydration tests for idfirst login df0cdcb test: add form hydration tests for oidc login a777854 test: add form hydration tests for passkey login 7186e7e test: add form hydration tests for password login 8b68163 test: add form hydration tests for webauthn login 5f76c15 test: add tests for idfirst 4f2c854 test: additional code credential test case (#4122) 61f87d9 test: deflake and parallelize persister tests (#3953) b192c92 test: deflake session extend config side-effect (#3950) e0001b0 test: enable server-side config from context (#3954) 68693a4 test: improve stability of refresh test (#4037) dbf7274 test: resolve CI failures (#4067) e2e81ac test: resolve issues and update snapshots for all selfservice strategies 6ce3068 test: update incorrect usage of Auth0 in Salesforce tests (#4007) 7b0b94d test: verify redirect continue_with in hook executor for browser clients

Get the Android app

Or read this on Hacker News

Read more on:

Photo of otp mfa

otp mfa

« HPE Aruba Networking fixes critical flaws impacting Access Points
Is AI More Sustainable if You Generate it Underwater? »