zitadel-oidc

Author	SHA1	Message	Date
Tim Möhlmann	55acd0013a	fix(v1): update all go mod deps (#457 ) * fix(v1): update all go mod deps In the preparation of the v3 release, this upgrades the deps for v1 for the last time. Users should upgrade to v3 asap after this as we will drop support for v1 alltogether. * downgrade zitadel/logging	2023-10-13 07:47:08 +02:00
Tim Möhlmann	a64b97dd5a	fix: allow RFC3339 encoded time strings Fixes #292	2023-03-22 16:04:25 +02:00
Tim Möhlmann	95ffcb5bdc	chore: v1 branch auto release	2023-03-22 15:59:14 +02:00
Tim Möhlmann	776115080d	fix: security updates or all modules	2023-03-22 15:56:05 +02:00
Tim Möhlmann	eb0e9a1b7a	chore: v1 branch maintainance releaser	2023-03-22 15:55:50 +02:00
Tim Möhlmann	eea2ed1a51	fix: unmarshalling of scopes in access token (#320 ) The Scopes field in accessTokenClaims should be a SpaceDelimitedArray, in order to allow for correct unmarshalling. Fixes #318	2023-03-10 09:46:25 +02:00
dependabot[bot]	62f2df7fa3	chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#294 ) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.4.0 to 0.4.1. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/v0.4.0...v0.4.1) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-06 14:34:12 +02:00
dependabot[bot]	fba465dc83	chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#290 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-06 14:31:00 +02:00
David Sharnoff	7e5798569b	fix: glob support for RedirectURIs Fixes #293	2023-03-06 14:13:35 +02:00
Tim Möhlmann	815ced424c	readme: update zitdal docs link Fixes #286	2023-02-24 11:04:37 +01:00
Tim Möhlmann	c8d61c0858	rp: allow to set custom URL parameters (#273 ) * rp: allow to set prompts in AuthURLHandler Fixes #241 * rp: configuration for handlers with URL options to call RS Fixes #265	2023-02-13 11:28:46 +02:00
dependabot[bot]	ff2729cb23	chore(deps): bump golang.org/x/text from 0.6.0 to 0.7.0 (#279 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-13 11:18:18 +02:00
Tim Möhlmann	5633b5518a	Merge pull request #269 from muir/doc-client-not-cached doc: document lack of client caching	2023-02-09 12:03:21 +02:00
David Sharnoff	d258fc4c29	document lack of client caching	2023-02-08 15:28:27 -08:00
Tim Möhlmann	d59ed71446	Merge pull request #258 from zitadel/dependabot/go_modules/golang.org/x/text-0.6.0 chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0	2023-02-06 21:23:05 +02:00
dependabot[bot]	e59b9259a7	chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 Bumps [golang.org/x/text](https://github.com/golang/text) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-06 18:35:36 +00:00
Tim Möhlmann	3a6c3543e7	chore: add go 1.20 support (#274 )	2023-02-06 10:35:50 +01:00
Tim Möhlmann	df5a09f813	chore: switch from iouitil to io.ReadAll (#272 ) removed a TODO: switch to io.ReadAll and drop go1.15 support	2023-02-06 08:29:25 +01:00
David Sharnoff	cdf2af6c2c	feat: add CanRefreshTokenInfo to support non-JWT refresh tokens (#244 ) * Add an additional, optional, op.Storage interface so that refresh tokens that are not JWTs do not cause failures when they randomly, sometimes, decrypt without error ```go // CanRefreshTokenInfo is an optional additional interface that Storage can support. // Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that // does not happen to also be a JWTs work properly. type CanRefreshTokenInfo interface { // GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented // with a token that is not a refresh token. GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error) } ``` * add comment suggested in code review * review feedback: return an error defined in op rather than adding a new error to oidc * move ErrInvalidRefresToken to op/storage.go	2023-02-06 08:27:57 +01:00
Tim Möhlmann	fa222c5efb	fix: nil pointer dereference on UserInfoAddress (#207 ) * oidc: add test case to reproduce #203 Running the tests will always result in a nil pointer dereference on UserInfoAddress. Co-authored-by: Livio Spring <livio.a@gmail.com> * fix: nil pointer dereference on UserInfoAddress userinfo.UnmarshalJSON now only sets the Address field if it was present in the json. userinfo.GetAddress will always return a non-nil value of UserInfoAddress to allow for safe chaining of Get functions. Fixes #203 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>	2023-02-03 11:14:04 +01:00
Livio Spring	1535ea4f6c	chore(examples): improve logging and how to use (#266 )	2023-01-25 06:22:12 +01:00
Livio Spring	b031c1f297	fix: exchange cors library and add `X-Requested-With` to Access-Control-Request-Headers (#260 )	2023-01-09 10:39:11 +01:00
Fabi	6289fae50d	Merge pull request #257 from zitadel/hifabienne-patch-1 chore: Update issue.yml	2022-12-29 16:19:11 +01:00
Fabi	b6eea1ddda	Update issue.yml	2022-12-29 16:03:40 +01:00
dependabot[bot]	205f2c4a30	chore(deps): bump cycjimmy/semantic-release-action from 2 to 3 (#248 ) * chore(deps): bump cycjimmy/semantic-release-action from 2 to 3 Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 2 to 3. - [Release notes](https://github.com/cycjimmy/semantic-release-action/releases) - [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/cycjimmy/semantic-release-action/compare/v2...v3) --- updated-dependencies: - dependency-name: cycjimmy/semantic-release-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * update sem rel to work with node 16 Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>	2022-12-06 10:41:07 +00:00
dependabot[bot]	aa7cb56f69	chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#250 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-06 11:37:56 +01:00
dependabot[bot]	2fd92af1f8	chore(deps): bump actions/add-to-project from 0.3.0 to 0.4.0 (#249 ) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-06 11:34:54 +01:00
Goran Kovacevic	87a545e60b	feat: add missing IntrospectionResponse getters (#251 )	2022-12-06 11:34:19 +01:00
Fabi	1bed3e1f57	Merge pull request #247 from enercity/feature/readme chore(examples): fix path	2022-12-06 09:42:01 +01:00
Fabi	a757c5d13a	Merge pull request #253 from zitadel/livio-a-patch-1 chore(codeql): update branch name	2022-12-06 09:36:29 +01:00
Livio Spring	46684fbe0d	chore(codeql): update branch name	2022-12-06 09:35:23 +01:00
Michael Holtermann	c0f3ef8a66	Add folders to Basic Overview	2022-11-24 15:30:54 +01:00
Florian Forster	356dd89ae4	chore: fix broken codecov default branch (#245 ) * chore: fix broken codecov default branch * update codecov badge	2022-11-21 17:41:56 +01:00
David Sharnoff	74e1823392	chore: add an RP/OP integration test (#238 ) * rp/op integration test do not error if OP does not provide a redirect working, but with debugging clean up, remove debugging support go1.15 attempt to fix coverage calculation * Update pkg/client/rp/integration_test.go Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Livio Spring <livio.a@gmail.com>	2022-11-18 07:29:25 +01:00
David Sharnoff	39852f6021	feat: add rp.RevokeToken (#231 ) * feat: add rp.RevokeToken * add missing lines after conflict resolving Co-authored-by: Livio Spring <livio.a@gmail.com>	2022-11-15 07:35:16 +01:00
dependabot[bot]	0847a5985a	chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#236 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-14 17:02:43 +01:00
dependabot[bot]	0e30c38791	chore(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 (#234 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.8 to 0.4.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.3.8...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-14 17:02:22 +01:00
David Sharnoff	bd47b5ddc4	feat: support EndSession with RelyingParty client (#230 ) * feat: support EndSession with RelyingPart client * do not error if OP does not provide a redirect * undo that last change, but noice error returns from EndSession * ioutil.ReadAll, for now	2022-11-14 17:01:19 +01:00
David Sharnoff	4e302ca4da	bugfix: access token verifier opts was not used (#237 )	2022-11-14 17:00:27 +01:00
Utku Özdemir	a314c1483f	fix: allow http schema for redirect url for native apps in dev mode (#242 )	2022-11-14 16:59:56 +01:00
David Sharnoff	1aa75ec953	feat: allow id token hint verifier to specify algs (#229 )	2022-11-14 16:59:33 +01:00
David Sharnoff	89d1c90bf2	fix: WithPath on NewCookieHandler set domain instead! (#240 )	2022-11-14 16:58:36 +01:00
Anthony Quéré	0596d83b33	doc: fix zitadel doc uri in the README (#239 )	2022-11-03 10:11:15 +00:00
Florian Forster	4ac692bfd8	chore: house cleaning of the caos name and update sec (#232 ) * chore: house cleaning of the caos name and update sec * some typos * make fix non breakable * Update SECURITY.md Co-authored-by: Livio Spring <livio.a@gmail.com> * Update SECURITY.md Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Livio Spring <livio.a@gmail.com>	2022-10-17 09:13:54 +02:00
David Sharnoff	4bc4bfffe8	add op.AllAuthMethods (#233 )	2022-10-17 08:07:19 +02:00
Weny Xu	3a7b2e8eb5	docs(README.md): fix typos	2022-10-17 08:06:41 +02:00
dependabot[bot]	9f71e4c924	chore(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 (#228 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-14 22:38:10 +02:00
mv-kan	01021e71a0	chore(example): fix listener usage in app example (#224 )	2022-10-05 09:36:06 +02:00
David Sharnoff	b5da6ec29b	chore(linting): apply gofumpt & goimports to all .go files (#225 )	2022-10-05 09:33:10 +02:00
David Sharnoff	c4b7ef9160	fix: avoid potential race conditions (#220 ) * fix potential race condition during signer update * avoid potential race conditions with lazy-initializers in OpenIDProvider * avoid potential race lazy initializers in RelyingParty * review feedback -- additional potential races * add pre-calls to NewRelyingPartyOIDC too	2022-10-04 07:23:59 +02:00

1 2 3 4 5 ...

366 commits