ory
diff --git a/‎CHANGELOG.md‎
Lines changed: 2 additions & 132 deletions b/‎CHANGELOG.md‎
Lines changed: 2 additions & 132 deletions
diff --git a/‎consent/handler.go‎
Lines changed: 4 additions & 12 deletions b/‎consent/handler.go‎
Lines changed: 4 additions & 12 deletions
diff --git a/‎consent/manager.go‎
Lines changed: 1 addition & 2 deletions b/‎consent/manager.go‎
Lines changed: 1 addition & 2 deletions
@@ -4,13 +4,13 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 **Table of Contents**
 
-- [0.0.0 (2025-08-25)](#000-2025-08-25)
+- [0.0.0 (2025-07-03)](#000-2025-07-03)
   - [Breaking Changes](#breaking-changes)
   - [Related issue(s)](#related-issues)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-# [0.0.0](https://github.com/ory/hydra/compare/v2.3.0...v0.0.0) (2025-08-25)
+# [0.0.0](https://github.com/ory/hydra/compare/v2.3.0...v0.0.0) (2025-07-03)
 ## Breaking Changes
 
 This patch changes the behavior of configuration item `foo` to do bar. To keep the existing
@@ -41,10 +41,6 @@ If this pull request
 
 ### Bug Fixes
 
-* Add repo syncing for polis ([46d17f8](https://github.com/ory/hydra/commit/46d17f8bfdc59e2185e9ce65823eb2652e01f1b8)):
-
-    GitOrigin-RevId: e277a25d594b512b800d39dd18f36ea3d99fcf84
-
 * Allow updating when JWKS URI is set ([#3935](https://github.com/ory/hydra/issues/3935)) ([#3946](https://github.com/ory/hydra/issues/3946)) ([fb1655b](https://github.com/ory/hydra/commit/fb1655ba86077b10141132ed332ba8d6f8c70582)):
 
     The client validator no longer rejects PATCH and PUT updates when `JSONWebKeysURI` is non-empty and `JSONWebKeys` is not nil.
@@ -75,10 +71,6 @@ If this pull request
     GitOrigin-RevId: 61645585277edd95914705499afd7211a85983eb
 
 * CLI usage help examples ([#3943](https://github.com/ory/hydra/issues/3943)) ([e24f9a7](https://github.com/ory/hydra/commit/e24f9a704c22c72690bc20c498439865181d9239))
-* Copybara script ([7b33358](https://github.com/ory/hydra/commit/7b333585bb44a069bf47267c853aa2e91db0efa3)):
-
-    GitOrigin-RevId: 14665e01451ac5fcdda148b473b8fc35d4fe21ef
-
 * Correct multiple instances of 'stragegy' typo ([#3906](https://github.com/ory/hydra/issues/3906)) ([50eefbc](https://github.com/ory/hydra/commit/50eefbc21c2c43d221b6079bbd78a33ef8c754c4)):
 
     This commit addresses several occurrences where 'strategy' was
@@ -88,22 +80,6 @@ If this pull request
     documentation repository (ory/docs), with a corresponding pull request
     submitted.
 
-* Deduplicate down migrations ([02baf36](https://github.com/ory/hydra/commit/02baf364c5f1fe09a74edb879c711983f761dc7f)):
-
-    GitOrigin-RevId: 94c68daeded4f3b6f42d079d71415d8935a74e69
-
-* **deps:** Update go-x ([582a3c5](https://github.com/ory/hydra/commit/582a3c5f2de833a7996812d4873b305d162e1c7b)):
-
-    GitOrigin-RevId: 2d32f7710b9c6111a30f4e0d3cc0abc967d7dfb6
-
-* Failing CI in OSS repos ([c900985](https://github.com/ory/hydra/commit/c9009858dc96edbbec1dd256cb1a734beb4f90aa)):
-
-    GitOrigin-RevId: 3d1f84b0f0d006971aea9489322b3e0f32a6a7e3
-
-* Fix expires_at timestamp not in UTC leading to local test failures ([337000a](https://github.com/ory/hydra/commit/337000aacd07a1af6e77918a011903b6f39701a3)):
-
-    GitOrigin-RevId: 560d958391b12ace6db9d4c05074719e96e0329e
-
 * Force autocommit for device auth code migration ([#3991](https://github.com/ory/hydra/issues/3991)) ([29761f4](https://github.com/ory/hydra/commit/29761f4ac7586478ea6f553cb571ac11b0275e6d)), closes [#1234](https://github.com/ory/hydra/issues/1234) [#1234](https://github.com/ory/hydra/issues/1234):
 
     <!--
@@ -117,26 +93,14 @@ If this pull request
 
     ```
 
-* Identity queries ([a30f021](https://github.com/ory/hydra/commit/a30f021fd98969c2dbc31a4dc3e45365d60c1a25)):
-
-    GitOrigin-RevId: b103d25a807c643b521a12d593486d5125f390be
-
 * Ignore flaky keys in Hydra HSM tests ([469b2ad](https://github.com/ory/hydra/commit/469b2ad538865a38738a10f46d270f53d12101ad)):
 
     GitOrigin-RevId: 83312e6544bc33ccc30e1e1e414cc04910429192
 
-* Include go.mod in vendored oryx ([08a3ab4](https://github.com/ory/hydra/commit/08a3ab43ddb1e2a0df430224f969fe3f0ba161bf)):
-
-    GitOrigin-RevId: 20365bbe6b2cf95ac7973bcca9056455d2cb3803
-
 * **infrastructure:** Hydra oss CI ([e846541](https://github.com/ory/hydra/commit/e84654185cdfffbf160d5309f744795d15d723f9)):
 
     GitOrigin-RevId: 3df0724e5ea4c81a0f4c481c1a3a34529356d073
 
-* Jsonx.ApplyJSONPatch ([c6fa2a6](https://github.com/ory/hydra/commit/c6fa2a6f17f63e43cfecb576bd2a1c1b58c778ed)):
-
-    GitOrigin-RevId: 43c10801f5051e3d5fbea5f4f5e90394f6da0fbb
-
 * JWT documentation link to point to the correct resource ([#3907](https://github.com/ory/hydra/issues/3907)) ([b746e41](https://github.com/ory/hydra/commit/b746e41eda6dc3fe376b147d146a6fcc7dafb455)):
 
     The previous link in the documentation led to a page unrelated to JWT.
@@ -164,23 +128,7 @@ If this pull request
     persistence/sql/src/20220210000001_nid/20220210000001000000_nid.cockroach.up.sql
     ```
 
-* Otlp sampling rate default ([cbd5094](https://github.com/ory/hydra/commit/cbd50947ff7e03a4c32d0ad52acd55b595b393ce)):
-
-    GitOrigin-RevId: 8a01bded7d8eca0ac3a81de793286144aab16426
-
-* Print correct content of down migrations ([4a4a088](https://github.com/ory/hydra/commit/4a4a0880dc6222870b1e177ce04f81842359f922)):
-
-    GitOrigin-RevId: 48b1efa8d3d4f6c6648d3941f67f622fdfb0075c
-
-* Revert "fix: otlp sampling rate default ([#9055](https://github.com/ory/hydra/issues/9055))" ([02e86bc](https://github.com/ory/hydra/commit/02e86bc192c8f693c23aa430481a1e719d8e2e21)):
-
-    GitOrigin-RevId: 9de37a48b68c7ee29caefb01c83f1a78999dc15b
-
 * Revoke by consent request ID ([#3947](https://github.com/ory/hydra/issues/3947)) ([5d8635c](https://github.com/ory/hydra/commit/5d8635c94389ff3c87bfae66afe95105c147bec1)), closes [#3932](https://github.com/ory/hydra/issues/3932) [#3932](https://github.com/ory/hydra/issues/3932) [#3941](https://github.com/ory/hydra/issues/3941)
-* Routes in AX with identity_schema ([5014348](https://github.com/ory/hydra/commit/50143483fd66fb7d545e8a8e2c7e95857f35fbbb)):
-
-    GitOrigin-RevId: ab72dc64c194c06bf0301e87aa829c72022ac41e
-
 * Simplify and fix Copybara sync job ([f998d09](https://github.com/ory/hydra/commit/f998d090ca6408b05524aea5e5f3a79c5d44b1a4)):
 
     GitOrigin-RevId: 115f1ba1aa8f92d9c546046b37d4fb27dacedec8
@@ -197,14 +145,6 @@ If this pull request
 
     GitOrigin-RevId: 64950988a466bbdb4f25b8d9f5c416ff591c00bf
 
-* Use hard-coded fallback key instead of panic ([e1f6450](https://github.com/ory/hydra/commit/e1f645012f43f62928fdc79710b45d935878367f)):
-
-    GitOrigin-RevId: d7a2270bbf5360288199e9632b2eac6cbc29737c
-
-* Use main branch for polis ([6c24e68](https://github.com/ory/hydra/commit/6c24e68995b8eae9ba0b8872867270ef1d35113b)):
-
-    GitOrigin-RevId: 04533493184c6abdc3a211daffd98f6b68e1c9cc
-
 * Using uuid_generate_v4 function ([#3958](https://github.com/ory/hydra/issues/3958)) ([c206066](https://github.com/ory/hydra/commit/c20606606654af975e5d82998956bb998acee576)):
 
     Removing the md5 function for the uuid generation with native pgsql
@@ -213,19 +153,8 @@ If this pull request
     Closes https://github.com/ory/hydra/issues/3844
 
 
-### Code Refactoring
-
-* Move database meta functions to root x folder for reusability ([7e49133](https://github.com/ory/hydra/commit/7e49133f435d6a0f74a63e8f8d03c5d314d7d3c6)):
-
-    GitOrigin-RevId: 30ee938ea5f1d19bac8967e0ebfe2d595ec27d2b
-
-
 ### Features
 
-* Add allowed domains configuration for captcha ([df3f05c](https://github.com/ory/hydra/commit/df3f05c6ffbd3f00e62a33b2b68416ccf2009112)):
-
-    GitOrigin-RevId: 03395362054593f07ff6405c2a747256b5ff528e
-
 * Add error reason to OAuth2TokenExchangeError event ([#3971](https://github.com/ory/hydra/issues/3971)) ([241dd45](https://github.com/ory/hydra/commit/241dd45fa17ed10d1101d890199df47dab4dbce5))
 * Add handler for /.well-known/oauth-authorization-server. ([#3980](https://github.com/ory/hydra/issues/3980)) ([5baca28](https://github.com/ory/hydra/commit/5baca2843a98c222006b27b20e7e6392421ecad8)):
 
@@ -236,10 +165,6 @@ If this pull request
     configuration items that conform to this endpoint as seen here:
     https://datatracker.ietf.org/doc/html/rfc8414
 
-* Autoconfigure kratos-changefeed ([d92dabe](https://github.com/ory/hydra/commit/d92dabedf2f55d8b74f5898c987c3e6712fb0b16)):
-
-    GitOrigin-RevId: 8e684d3c1ed528798c0c81cc4330858c54a39acf
-
 * **changelog-oel:** Add `hydra debug challenge` command ([a94662f](https://github.com/ory/hydra/commit/a94662f1edc49e662a5e1818dbfd4cac15bd9ead)):
 
     GitOrigin-RevId: 793cf3327696465ea89fdfcf078f26594832a666
@@ -248,18 +173,10 @@ If this pull request
 
     GitOrigin-RevId: 1a115d9e2055bbf9a0bb4ecf7c6a266b2b70a8cd
 
-* **changelog-oel:** Choose identity schema in self-service registration and login flows ([a398b64](https://github.com/ory/hydra/commit/a398b6444bff9476b2768e9e5f840bcf73fff3a6)):
-
-    GitOrigin-RevId: 8d6ee03cc8181d3277100a4b7412a3a113799964
-
 * **changelog:** Graceful refresh count limit ([470713d](https://github.com/ory/hydra/commit/470713da36862745ca0222c284e0692fa40559ae)):
 
     GitOrigin-RevId: 7f8bf5fee8b06490f888590054d2dcd2f1cf2cba
 
-* **changelog:** Migrate http router to stdlib router ([a147e3b](https://github.com/ory/hydra/commit/a147e3b64007a3c7b2c5dd0351321c1aa92d5b70)):
-
-    GitOrigin-RevId: ebd7ec330a4f7b9826cb70ba36ba2f727ea64c96
-
 * Implement RFC 8628 ([#3912](https://github.com/ory/hydra/issues/3912)) ([5215d24](https://github.com/ory/hydra/commit/5215d2482adc6328f6ed78ac7799f1f5243d1e7f)), closes [#3851](https://github.com/ory/hydra/issues/3851) [#3252](https://github.com/ory/hydra/issues/3252) [#3230](https://github.com/ory/hydra/issues/3230) [#2416](https://github.com/ory/hydra/issues/2416):
 
     This patch introduces the OAuth 2.0 Device Authorization Grant to Ory
@@ -310,10 +227,6 @@ If this pull request
 
     GitOrigin-RevId: dbb48d171fad1f9b4fd31385f0ef4fb01e39e823
 
-* Move config testhelpers to ory/x ([3a4ba08](https://github.com/ory/hydra/commit/3a4ba084c74cf49a521856f150a8a2c6f3c1aa25)):
-
-    GitOrigin-RevId: fd484445e9715760231f7f86ec212d094e826377
-
 * Revoke Kratos session asynchronously ([#3936](https://github.com/ory/hydra/issues/3936)) ([a0e7ee2](https://github.com/ory/hydra/commit/a0e7ee29298d4f882a7d471e0601b01c6848c40d)):
 
     This change makes the session revocation in Kratos async to improve
@@ -393,18 +306,10 @@ If this pull request
     POST admin/oauth2/auth/sessions/consent?consent_challenge_id=G_TIM3XABG14UwIgDoT1DRfipjhC1uix
     ```
 
-* Use stdlib HTTP router in Kratos ([8f81931](https://github.com/ory/hydra/commit/8f8193179a39dc142d502fbc559891ffa0385ed8)):
-
-    GitOrigin-RevId: 799513e99acbf43a05fe3113ffda45d2fff2a9e0
-
 * Use vendored jackson ([a0a9062](https://github.com/ory/hydra/commit/a0a906211bce4ced3e1f4324eb9d287ef10892a6)):
 
     GitOrigin-RevId: 591238768218ba2b5af93f91ac7e16f4c170da5b
 
-* Use vendored ory/x ([6581e01](https://github.com/ory/hydra/commit/6581e01679b2e146433061cbaaebb80a0e3905b5)):
-
-    GitOrigin-RevId: 994f3b754946ca5b2bd1bab0fe20532f5d5ab62f
-
 
 ### Performance Improvements
 
@@ -415,43 +320,8 @@ If this pull request
 
 ### Tests
 
-* Add golangci-lint config and GHA ([1209de7](https://github.com/ory/hydra/commit/1209de78736c6730fa84cbf4e7046535aeba094f)):
-
-    GitOrigin-RevId: eb14c9f38e2b98d11a78ee0b90fd8f4f689abd3d
-
-* **hydra:** Add snapshots for login & consent requests ([687cfae](https://github.com/ory/hydra/commit/687cfae2092b90bcde11b0976b3f944bc8bb9a4a)):
-
-    GitOrigin-RevId: 47d041cf207af6c3e9e21bf3016e5ea0cf044344
-
-* **hydra:** Clean oauth2 session setup ([699e382](https://github.com/ory/hydra/commit/699e38238220f857148b503dfb96d9b057bb4583)):
-
-    GitOrigin-RevId: e05097c7439096cf40fdcf059b3396970b2f1219
-
-* **hydra:** Clean up some helpers ([7840b0e](https://github.com/ory/hydra/commit/7840b0e0aade3b8fac6f1677a75b192e9c094b23)):
-
-    GitOrigin-RevId: 2b93dfbc4c27602a6ad053ccd0f25962f600419f
-
-* **hydra:** Convert custom JWT claim tests to table ([8391d1b](https://github.com/ory/hydra/commit/8391d1bc57a85420f50c2e0b856a509b6784963d)):
-
-    GitOrigin-RevId: c0114d299bdec370104e8ad0b3042d3a3c045bb1
-
-* **hydra:** New and better e2e go tests ([aefe5e2](https://github.com/ory/hydra/commit/aefe5e2663608ec945dc49be466d48c0d43810f2)):
-
-    GitOrigin-RevId: 23a73e451286556fb6b0072c5b348eee137f1310
-
-* **hydra:** Refactor consent handler tests ([4d61925](https://github.com/ory/hydra/commit/4d6192599dc4f1020e8c5418398c6a85820c74cb)):
-
-    GitOrigin-RevId: 77753f8e0018eaef2bc17b73d456de5b7b0585b1
-
 * Parallelize and improve ([#3989](https://github.com/ory/hydra/issues/3989)) ([a47e395](https://github.com/ory/hydra/commit/a47e39513f1f08076849f77517977abffa195364))
 
-### Unclassified
-
-* Merge 3834fab8c161a7dc98d43f32acf8efd9e6e95352 into 4dae0f4a8785eb36d8dbb27137f6b924c1e0f0b5 ([dc84053](https://github.com/ory/hydra/commit/dc840535c19d58caf130966e00d3d2fe9f3eb577)):
-
-    GitOrigin-RevId: 0c2dcaa065b64d2aafbcfd49c79363a214c5b2aa
-
-
 
 # [2.3.0](https://github.com/ory/hydra/compare/v2.2.0...v2.3.0) (2025-01-17)
 
 
@@ -1082,13 +1082,7 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	cr, err := h.r.ConsentManager().GetDeviceUserAuthRequest(ctx, challenge)
-	if err != nil {
-		h.r.Writer().WriteError(w, r, err)
-		return
-	}
-
-	f, err := h.decodeFlowWithClient(ctx, challenge, flow.AsDeviceChallenge)
+	f, err := flow.DecodeFromDeviceChallenge(ctx, h.r, challenge)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
@@ -1113,7 +1107,7 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 
 	p := flow.HandledDeviceUserAuthRequest{
 		ID:                  f.DeviceChallengeID.String(),
-		RequestedAt:         cr.RequestedAt,
+		RequestedAt:         f.RequestedAt,
 		HandledAt:           sqlxx.NullTime(time.Now().UTC()),
 		Client:              userCodeRequest.GetClient().(*client.Client),
 		DeviceCodeRequestID: userCodeRequest.GetID(),
@@ -1135,13 +1129,12 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 	}
 
 	f.RequestURL = reqURL.String()
-	hr, err := h.r.ConsentManager().HandleDeviceUserAuthRequest(ctx, f, challenge, &p)
-	if err != nil {
+	if err := h.r.ConsentManager().HandleDeviceUserAuthRequest(ctx, f, &p); err != nil {
 		h.r.Writer().WriteError(w, r, err)
 		return
 	}
 
-	ru, err := url.Parse(hr.RequestURL)
+	ru, err := url.Parse(f.RequestURL)
 	if err != nil {
 		h.r.Writer().WriteError(w, r, fosite.ErrInvalidRequest.WithWrap(err).WithHint(`Unable to parse the request_url.`))
 		return
@@ -1154,7 +1147,6 @@ func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request)
 	}
 
 	events.Trace(ctx, events.DeviceUserCodeAccepted, events.WithClientID(userCodeRequest.GetClient().GetID()))
-
 	h.r.Writer().Write(w, r, &flow.OAuth2RedirectTo{
 		RedirectTo: urlx.SetQuery(ru, url.Values{"device_verifier": {verifier}, "client_id": {userCodeRequest.GetClient().GetID()}}).String(),
 	})
 
@@ -56,8 +56,7 @@ type (
 		VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error)
 
 		CreateDeviceUserAuthRequest(ctx context.Context, req *flow.DeviceUserAuthRequest) (*flow.Flow, error)
-		GetDeviceUserAuthRequest(ctx context.Context, challenge string) (*flow.DeviceUserAuthRequest, error)
-		HandleDeviceUserAuthRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledDeviceUserAuthRequest) (*flow.DeviceUserAuthRequest, error)
+		HandleDeviceUserAuthRequest(ctx context.Context, f *flow.Flow, r *flow.HandledDeviceUserAuthRequest) error
 		VerifyAndInvalidateDeviceUserAuthRequest(ctx context.Context, verifier string) (*flow.HandledDeviceUserAuthRequest, error)
 
 		NetworkID(ctx context.Context) uuid.UUID