Ory Kratos and FedCM Improvements

FedCM Sign-In Now Triggers Login Hooks
Ory Kratos now triggers configured “after login” hooks for the OIDC method when users authenticate via Federated Credential Management (FedCM).
This update aligns FedCM sign-in behavior with standard OIDC logins, ensuring consistent post-login processing such as analytics, auditing, or session enrichment.

FedCM Support for Google
Ory Kratos updates the Federated Credential Management (FedCM) flow for Google sign-ins.
Google now requires the response_type=id_token parameter in authentication requests.
The /self-service/fed-cm/parameters endpoint automatically includes this parameter when Google is configured as an OAuth2 provider, ensuring compatibility with recent Google changes.

Deprecation: Static Base URL for Self-Service Links
The configuration option selfservice.methods.link.config.base_url has been removed.
Recovery and verification links are now generated dynamically using the origin of the incoming HTTP request.
This change simplifies configuration and improves compatibility in multi-domain and reverse-proxy environments.
Review deployment settings to ensure that generated links resolve correctly.

This update is available now on Ory Kratos Enterprise, and will be included in the next Ory Kratos release.