What's Changed Ory Stack Integration: Added Ory Hydra & Kratos integration supporting authorization-code login, a new login endpoint, and subject-creation webhooks. Profile-Based Authentication and Authorization: Shifted to a modular configuration via managementportal.authServer.internal and managementportal.identityServer.internal. Token & Security Enhancements: Improved OAuth2/JWT handling, native Hydra token support, and refined access controls for public project endpoints. User & Identity Management: Introduced Kratos identity support (with sync-back functionality) and added email as a standard subject attribute. Frontend: Updated the UI login flow to match new auth-code structures, and added error component improvements. Observability & Operations: Integrated Sentry monitoring, disabled Liquibase analytics, and comprehensively expanded/fixed the CI GitHub Actions pipeline. E2E Testing: Updated automated E2E testing workflows to support the new login flow. Dependency Upgrades: Bumped the baseline runtime to Java 17 and upgraded frameworks including Spring Security, Jackson, Undertow, and Logback. Bug Fixes: Resolved core issues with unassigning sources, internal OAuth login, Source auto-import bugs Important Notes Backward Compatibility: By default, both managementportal.authServer.internal and managementportal.identityServer.internal are set to true. This ensures the previous behavior (using the native Management Portal authentication) remains unchanged out of the box unless explicitly modified. Java 17: The platform runtime and build environment now strictly require JDK 17. Full Changelog: https://github.com/RADAR-base/ManagementPortal/compare/v2.1.13...v3.0.0