Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Network project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe your problem

Hi, when you do release please add listing from Changelog into Github release text. I just bumped my deps go get -u ./... and got 0.42.2->0.43 upgrade and it has some breaking changes. So I came here to search what is going on and first thought was to check release page for into https://github.com/ory/fosite/releases but it does not contain anything interesting and after that I found Changelog file which helped me.

Describe your ideal solution

add listing from Changelog into Github release text so you could quickly see what was changed. Example: https://github.com/docker/compose/releases

Workarounds or alternatives

check changelog

Version

0.43

Additional Context

No response

Note: there is no info in changelog to deal with missing compose.CommonStrategy.JWTStrategy field. Or functions like compose.NewOAuth2HMACStrategy() and compose.NewOpenIDConnectStrategy() should be called now as their signatures have changed

these kind of changes are really painful as you now need to "relearn" library to find what you should use instead.

As a relatively longtime user of the fosite library these changes are rare but expected on occasion as it's still v0.

The changes also felt relatively simple if you're using the compose syntax, there were adjustments needed however as you've noted. For what it's worth I personally didn't use the change log at all in my efforts to migrate as most of the changes can be easily seen using editors which allow for following a func or type to source.

All that being said I do somewhat agree that it would be nice to include the change log in the releases. I'm personally a fan of enforcing conventional commits so a conventional changelog workflow can be used to automatically generate it.

I have been using fosite since 2020.08 (version 0.32) and there have been multiple cases when upgrades have been "disruptive". Maybe our application that uses fosite in some unusual way (it is "just" a oauth service on top of our users database so users could log into Grafana with out app credentials).

I understand what v0 entails and I am not saying that changes are bad or must not be done. As we are at 0.43 I assume there will not be "stable" version any time soon and it would be mindful of users when breaking changes are documented/listed in some form so it would be easier to understand where something was moved or what new concept I should use instead of old thingie.

Hi, the changelog can be found in the project’s root: https://github.com/ory/fosite/blob/master/CHANGELOG.md

On that note I also want to clarify that Ory Fosite only exists as a backbone for Ory Hydra. The library itself can be used in other software, but we do not develop it with that as a priority. Many changes are community driven and we do not have the time not resources to write detailed upgrade guides.

As other commenters have noted, most changes are of cosmetic nature and there is no need to „relearn“ the whole system, but it might be needed to change a few things to make it work if you are not using higher level abstractions such as compose.

Hope this helps!

Hi, thanks for the answer. I think source of my complaining was that I thought it to be more "open to public" library than as a backbone for Ory Hydra. In that case I thank you for creating and maintaining this library. It has helped me a lot with oauth flows. And these upgrade inconveniences are not showstoppers.

Thank you all.