cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
580 commits 8 branches 227 tags 3.4 MiB
Commit graph

580 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Möhlmann
14e8529b68 chore(next): v4 module for development 2024-04-02 14:23:12 +03:00
dependabot[bot]
5cdb65c30b
chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.0 (#575) 
* chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.0

Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.1...v1.0.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update issue.yml

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-04-02 06:22:36 +00:00
dependabot[bot]
d729c22526
chore(deps): bump codecov/codecov-action from 4.1.0 to 4.1.1 (#576) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-02 07:58:28 +02:00
Célian GARCIA
c89d0ed970
feat: return oidc.Error in case of call token failure (#571) 2024-04-01 13:55:22 +00:00
dependabot[bot]
910f55ea7b
chore(deps): bump actions/add-to-project from 0.6.0 to 0.6.1 (#572) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-26 07:15:38 +01:00
Tim Möhlmann
56397f88d5
feat(oidc): add actor claim to introspection response (#570) 
With impersonation we assign an actor claim to our JWT/ID Tokens. This change adds the actor claim to the introspection response to follow suit.

This PR also adds the `auth_time` and `amr` claims for consistency.
 2024-03-18 11:36:16 +01:00
Tim Möhlmann
4d63d68c9e
feat(op): allow setting the actor to Token Requests (#569) 
For impersonation token exchange we need to persist the actor throughout token requests, including refresh token.
This PR adds the optional TokenActorRequest interface which allows to pass such actor.
 2024-03-14 06:57:44 +00:00
dependabot[bot]
9afc07c0cb
chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#568) 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 06:55:56 +00:00
Silvan
aae9c86f1a
Merge pull request #564 from zitadel/extend-tracing 
feat(op): extend tracing for more detailed spans
feat(client): add possibility of tracing client calls
 2024-03-14 07:53:57 +01:00
adlerhurst
565a022e91 Merge branch 'extend-tracing' of https://github.com/zitadel/oidc into extend-tracing 2024-03-14 07:51:35 +01:00
adlerhurst
03f3bc693b fix test 2024-03-14 07:50:29 +01:00
Silvan
0ffd13c780
Merge branch 'main' into extend-tracing 2024-03-13 15:45:19 +01:00
adlerhurst
1b94f796eb move tracer to client, 
add tracing in rs, client
 2024-03-13 15:45:03 +01:00
Tim Möhlmann
ad79802968
feat: extend token exchange response (#567) 
* feat: extend token exchange response

This change adds fields to the token exchange and token claims types.

The `act` claim has been added to describe the actor in case of impersonation or delegation. An actor can be nested in case an obtained token is used as actor token to obtain impersonation or delegation. This allows creating a chain of actors. See [RFC 8693, section 4.1](https://www.rfc-editor.org/rfc/rfc8693#name-act-actor-claim).

The `id_token` field has been added to the Token Exchange response  so an ID Token can be returned along with an access token. This is not specified in RFC 8693, but it allows us be consistent with OpenID responses when the scope `openid` is set, while the requested token type may remain access token.

* allow jwt profile for token exchange client

* add invalid target error
 2024-03-13 16:26:09 +02:00
dependabot[bot]
1532a5c78b
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (#566) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-08 07:35:47 +01:00
adlerhurst
0fe7c3307f fix parse 2024-03-07 15:25:23 +01:00
adlerhurst
7069813ec7 correct span names 2024-03-07 10:44:24 +01:00
adlerhurst
88209ac11d fix tests 2024-03-06 19:08:48 +01:00
adlerhurst
bdcccc3303 feat(client): tracing in rp 2024-03-06 18:39:27 +01:00
adlerhurst
d18aba8cb3 feat(rp): extend tracing 2024-03-06 18:38:37 +01:00
Tim Möhlmann
e3e48882df
chore: upgrade to v3 guide (#463) 
* chore: upgrade to v3 guide

first version with sed scripts.

* tidy up introduction info

* process feedback from @muir

* logging chapter

* server interface chapter

* update readme with v3 badges and link to update guide

* resolve comments
 2024-03-05 13:09:14 +00:00
Ayato
5ef597b1db
feat(op): Add response_mode: form_post (#551) 
* feat(op): Add response_mode: form_post

* Fix to parse the template ahead of time

* Fix to render the template in a buffer

* Remove unnecessary import

* Fix test

* Fix example client setting

* Make sure the client not to reuse the content of the response

* Fix error handling

* Add the response_mode param

* Allow implicit flow in the example app

* feat(rp): allow form_post in code exchange callback handler

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
 2024-03-05 15:04:43 +02:00
dependabot[bot]
fc743a69c7
chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#562) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 11:07:48 +01:00
dependabot[bot]
7bac3c6f40
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#560) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-04 08:10:55 +01:00
Tim Möhlmann
972b8981e5
feat: go 1.22 and slog migration (#557) 
This change adds Go 1.22 as a build target and drops support for Go 1.20 and older. The golang.org/x/exp/slog import is migrated to log/slog.

Slog has been part of the Go standard library since Go 1.21. Therefore we are dropping support for older Go versions. This is in line of our support policy of "the latest two Go versions".
 2024-02-28 10:44:14 +01:00
dependabot[bot]
38c025f7f8
chore(deps): bump codecov/codecov-action from 4.0.1 to 4.1.0 (#559) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.0.1...v4.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 10:09:14 +02:00
dependabot[bot]
385060930d
chore(deps): bump actions/add-to-project from 0.5.0 to 0.6.0 (#558) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 10:05:38 +02:00
dependabot[bot]
b93f625088
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2 (#554) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 10:47:11 +02:00
dependabot[bot]
a6a206b021
chore(deps): bump go.opentelemetry.io/otel/trace from 1.23.1 to 1.24.0 (#556) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 10:45:58 +02:00
Jan-Otto Kröpke
f4bbffb51b
feat: Add rp.WithAuthStyle as Option (#546) 
* feat: Add rp.WithAuthStyle as Option

* Update integration_test.go

* Update integration_test.go

* Update integration_test.go
 2024-02-23 12:18:06 +02:00
Jan-Otto Kröpke
b45072a4c0
fix: Set unauthorizedHandler, if not defined (#547) 2024-02-21 12:17:00 +02:00
dependabot[bot]
3e593474e9
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.11 to 5.0.12 (#548) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.11 to 5.0.12.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.11...v5.0.12)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-19 12:14:41 +02:00
Fabi
c5619ab4ff
Merge pull request #544 from zitadel/livio-a-patch-1 
chore: ignore dependabot for board PRs
 2024-02-13 10:53:35 +01:00
dependabot[bot]
da8b73f342
chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#542) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 15:16:10 +00:00
dependabot[bot]
1eebaf8d6f
chore(deps): bump go.opentelemetry.io/otel from 1.23.0 to 1.23.1 (#540) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.23.0 to 1.23.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.0...v1.23.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 16:14:46 +01:00
dependabot[bot]
625a4e480d
chore(deps): bump go.opentelemetry.io/otel/trace from 1.23.0 to 1.23.1 (#539) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.0 to 1.23.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.0...v1.23.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 16:14:24 +01:00
Livio Spring
ee8152f19e
chore: ignore dependabot for board PRs 2024-02-09 16:11:59 +01:00
dependabot[bot]
3ea6173860
chore(deps): bump actions-ecosystem/action-add-labels (#530) 
Bumps [actions-ecosystem/action-add-labels](https://github.com/actions-ecosystem/action-add-labels) from 1.1.0 to 1.1.3.
- [Release notes](https://github.com/actions-ecosystem/action-add-labels/releases)
- [Commits](https://github.com/actions-ecosystem/action-add-labels/compare/v1.1.0...v1.1.3)

---
updated-dependencies:
- dependency-name: actions-ecosystem/action-add-labels
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:30:44 +02:00
dependabot[bot]
34f44325b8
chore(deps): bump go.opentelemetry.io/otel/trace from 1.22.0 to 1.23.0 (#534) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:29:38 +02:00
dependabot[bot]
7a45a86452
chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 (#531) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.5...v4.0.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:26:46 +02:00
Fabi
0992c5f3ce
Merge pull request #536 from zitadel/livio-a-patch-1 
chore: ignore dependabot for board PRs
 2024-02-07 07:33:07 +01:00
Livio Spring
25e103b243
chore: ignore dependabot for board PRs 2024-02-07 07:30:04 +01:00
Fabi
984346f9ef
chore: remove dependabot prs (#529) 2024-02-02 14:33:52 +01:00
Fabi
2aa8a327f6
chore: update pm board action (#528) 
* chore: update pm board action 

automatically ad prs of non engineers to board and label community prs

* Update issue.yml
 2024-02-02 12:57:41 +02:00
Tim Möhlmann
045b59e5a5
fix(op): allow expired id token hints in authorize (#527) 
Like https://github.com/zitadel/oidc/pull/522 for end session,
this change allows passing an expired ID token hint to the authorize endpoint.
 2024-02-01 13:49:22 +01:00
dependabot[bot]
35d9540fd7
chore(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#526) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 11:56:16 +02:00
Tim Möhlmann
e9bd7d7bac
feat(op): split the access and ID token hint verifiers (#525) 
* feat(op): split the access and ID token hint verifiers

In zitadel we require different behaviors wrt public key expiry between access tokens and ID token hints.
This change splits the two verifiers in the OP.
The default is still based on Storage and passed to both verifier fields.

* add new options to tests
 2024-01-26 16:44:50 +01:00
dependabot[bot]
437a0497ab
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#523) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 13:54:30 +02:00
Tim Möhlmann
b8e520afd0
fix: allow expired ID token hint to end sessions (#522) 
* fix: allow expired ID token hint to end sessions

This change adds a specific error for expired ID Token hints, including too old "issued at" and "max auth age".
The error is returned VerifyIDTokenHint so that the end session handler can choose to ignore this error.

This fixes the behavior to be in line with [OpenID Connect RP-Initiated Logout 1.0, section 4](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling).

* Tes IDTokenHintExpiredError
 2024-01-19 11:30:51 +01:00
dependabot[bot]
3f26eb10ad
chore(deps): bump go.opentelemetry.io/otel/trace from 1.21.0 to 1.22.0 (#520) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-18 12:26:18 +02:00