Merge branch 'zitadel:main' into rp/UnauthorizedHandler

2024-01-09 01:31:13 +01:00 · 2024-01-09 01:31:13 +01:00 · 763e05feed
commit 763e05feed
parent e0adadb830 4d85375702
4 changed files with 51 additions and 3 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -9,6 +9,16 @@ updates:
  commit-message:
    prefix: chore
    include: scope
+- package-ecosystem: gomod
+  target-branch: "2.12.x"
+  directory: "/"
+  schedule:
+    interval: daily
+    time: '04:00'
+  open-pull-requests-limit: 10
+  commit-message:
+    prefix: chore
+    include: scope
 - package-ecosystem: "github-actions"
  directory: "/"
  schedule:
--- a/example/client/device/device.go
+++ b/example/client/device/device.go
@ -1,3 +1,37 @@
+// Command device is an example Oauth2 Device Authorization Grant app.
+// It creates a new Device Authorization request on the Issuer and then polls for tokens.
+// The user is then prompted to visit a URL and enter the user code.
+// Or, the complete URL can be used instead to omit manual entry.
+// In practice then can be a "magic link" in the form or a QR.
+//
+// The following environment variables are used for configuration:
+//
+//	ISSUER: URL to the OP, required.
+//	CLIENT_ID: ID of the application, required.
+//	CLIENT_SECRET: Secret to authenticate the app using basic auth. Only required if the OP expects this type of authentication.
+//	KEY_PATH: Path to a private key file, used to for JWT authentication of the App. Only required if the OP expects this type of authentication.
+//	SCOPES: Scopes of the Authentication Request. Optional.
+//
+// Basic usage:
+//
+//	cd example/client/device
+//	export ISSUER="http://localhost:9000" CLIENT_ID="246048465824634593@demo"
+//
+// Get an Access Token:
+//
+//	SCOPES="email profile" go run .
+//
+// Get an Access Token and ID Token:
+//
+//	SCOPES="email profile openid" go run .
+//
+// Get an Access Token and Refresh Token
+//
+//	SCOPES="email profile offline_access" go run .
+//
+// Get Access, Refresh and ID Tokens:
+//
+//	SCOPES="email profile offline_access openid" go run .
 package main

 import (
@ -57,5 +91,5 @@ func main() {
 	if err != nil {
 		logrus.Fatal(err)
 	}
-	logrus.Infof("successfully obtained token: %v", token)
+	logrus.Infof("successfully obtained token: %#v", token)
 }
--- a/pkg/client/rp/errors.go
+++ b/pkg/client/rp/errors.go
@ -0,0 +1,5 @@
+package rp
+
+import "errors"
+
+var ErrRelyingPartyNotSupportRevokeCaller = errors.New("RelyingParty does not support RevokeCaller")
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/base64"
 	"errors"
-	"fmt"
 	"net/http"
 	"net/url"
 	"time"
@ -748,7 +747,7 @@ func RevokeToken(ctx context.Context, rp RelyingParty, token string, tokenTypeHi
 	if rc, ok := rp.(client.RevokeCaller); ok && rc.GetRevokeEndpoint() != "" {
 		return client.CallRevokeEndpoint(ctx, request, nil, rc)
 	}
-	return fmt.Errorf("RelyingParty does not support RevokeCaller")
+	return ErrRelyingPartyNotSupportRevokeCaller
 }

 func unauthorizedError(w http.ResponseWriter, r *http.Request, desc string, state string, rp RelyingParty) {