cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
634 commits 8 branches 227 tags 3.4 MiB
Commit graph

634 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Möhlmann
214a899ddd Merge branch 'feat-EdDSA-hasher' into webkey-test-branch 2024-08-20 16:07:59 +03:00
Tim Möhlmann
07d4268b89 example: signing algs from discovery 2024-08-20 16:07:20 +03:00
Tim Möhlmann
0df1caff1b Revert "chore(example): add supported signing algorithms to RP" 
This reverts commit eb249c4c70.
 2024-08-20 16:03:44 +03:00
Tim Möhlmann
6fd74f21d3 Merge branch 'feat-EdDSA-hasher' into work 2024-08-20 11:47:53 +03:00
Tim Möhlmann
248df8c1f1 rp: modify keytype check to support EdDSA 2024-08-20 11:44:09 +03:00
Tim Möhlmann
0e6aafa16c Merge branch 'chore-example-algs' into work 2024-08-20 11:15:33 +03:00
Tim Möhlmann
f5cd665097 Merge branch 'fix-header-map' into work 2024-08-20 10:47:19 +03:00
Tim Möhlmann
2a3e87afff update code comment 2024-08-20 10:44:45 +03:00
Tim Möhlmann
eb249c4c70 chore(example): add supported signing algorithms to RP 2024-08-19 21:04:21 +03:00
Tim Möhlmann
7e1846e6e2 feat(crypto): hash algorithm for EdDSA 2024-08-19 20:57:07 +03:00
Tim Möhlmann
fa73f36780 fix test 2024-08-18 13:14:01 +03:00
Tim Möhlmann
f2545780c8 fix(op): initialize http Headers in response objects 2024-08-17 16:35:30 +03:00
dependabot[bot]
de034c8d24
chore(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#633) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.16.0 to 0.17.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-12 09:52:23 +00:00
Tim Möhlmann
b6f3b1e65b
feat(op): allow returning of parent errors to client (#629) 
* feat(op): allow returning of parent errors to client

* update godoc

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-08-09 05:10:11 +00:00
Elio Bischof
6f0a630ad4
fix: overwrite redirect content length (#632) 
* fix: overwrite redirect content length

* copy redirect struct headers
 2024-08-06 12:58:52 +03:00
dependabot[bot]
8f80225a20
chore(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#631) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-06 12:07:00 +03:00
dependabot[bot]
b9bcd6aef9
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.3 to 4.0.4 (#625) 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.3...v4.0.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-29 11:14:03 +03:00
dependabot[bot]
7b8be4387a
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.3 (#624) 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-10 13:37:53 +02:00
Livio Spring
e5a428d4be
feat: support PKCS#8 (#623) 2024-07-09 15:55:50 +02:00
dependabot[bot]
fc6716bf22
chore(deps): bump go.opentelemetry.io/otel from 1.27.0 to 1.28.0 (#622) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.27.0...v1.28.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-04 08:32:12 +02:00
dependabot[bot]
d6b4dc6b2f
chore(deps): bump actions/add-to-project from 1.0.1 to 1.0.2 (#620) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-02 09:20:44 +02:00
dependabot[bot]
e87f433e09
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.14 to 5.1.0 (#619) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.14 to 5.1.0.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.14...v5.1.0)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-01 12:20:28 +03:00
dkaminer
954802b63b
Updating indirect dependencies version in the OIDC GitHub library (#618) 
golang.org/x/crypto, Version: v0.22.0 -→ v0.24.0
golang.org/x/net, Version: v0.23.0 -→ v0.26.0
golang.org/x/sys, Version: v0.19.0 -→ v0.21.0

Co-authored-by: Daphna Kaminer <daphna.kaminer@crowdstrike.com>
 2024-06-27 09:05:47 +00:00
dependabot[bot]
a09d9f7390
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.13 to 5.0.14 (#617) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.13 to 5.0.14.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.13...v5.0.14)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-24 10:42:22 +02:00
dependabot[bot]
371a5aaab4
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.12 to 5.0.13 (#616) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.12 to 5.0.13.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.12...v5.0.13)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-22 10:08:01 +02:00
dependabot[bot]
1c2dc2c0e1
chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 (#615) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.4.1...v4.5.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-18 07:31:39 +02:00
Tim Möhlmann
da4e683bd3
fix(example): set content-type in the userinfo response (#614) 
This change sets the `content-type` header to `application/json` for the response sent to the browser in the app example.
This enables pretty-printing of the userinfo json document in at least Chromium.
 2024-06-14 07:40:05 +02:00
Tim Möhlmann
a7b5355580
feat(op): allow scope without openid (#613) 
This changes removes the requirement of the openid scope to be set for all token requests.
As this library also support OAuth2-only authentication mechanisms we still want to sanitize requested scopes, but not enforce the openid scope.

Related to https://github.com/zitadel/zitadel/discussions/8068
 2024-06-13 08:16:46 +02:00
dependabot[bot]
9ecdd0cf9a
chore(deps): bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (#611) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-07 08:16:06 +00:00
dependabot[bot]
7a8f8ade4d
chore(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 (#612) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.15.0 to 0.16.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-07 10:14:04 +02:00
dependabot[bot]
7037344cf4
--- (#610) 
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-27 10:23:36 +02:00
dependabot[bot]
7714a3b113
--- (#609) 
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-21 12:56:32 +02:00
minami yoshihiko
8a47532a8e
feat: add default signature algorithms (#606) 2024-05-17 10:17:54 +00:00
dependabot[bot]
7437309a42
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.1 to 4.0.2 (#608) 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.1...v4.0.2)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-17 10:56:21 +02:00
dependabot[bot]
6d1231cb37
chore(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 (#604) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-07 07:58:56 +02:00
dependabot[bot]
20d0f189a8
chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#601) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-06 06:44:21 +00:00
dependabot[bot]
30184ae054
chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#600) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-05-06 06:41:53 +00:00
Yuval Marcus
5a84d8c4bc
fix: Omit non-standard, empty fields in RefreshTokenRequest when performing a token refresh (#599) 
* Add omitempty tags

* Add omitempty to more fields
 2024-05-06 08:13:52 +02:00
Yuval Marcus
24d43f538e
fix: Handle case where verifier Nonce func is nil (#594) 
* Skip nonce check if verifier nonce func is nil

* add unit test
 2024-05-02 09:46:12 +02:00
Tim Möhlmann
37ca0e472a
feat(op): authorize callback handler as argument in legacy server registration (#598) 
This change requires an additional argument to the op.RegisterLegacyServer constructor which passes the Authorize Callback Handler.
This allows implementations to use their own handler instead of the one provided by the package.
The current handler is exported for legacy behavior.

This change is not considered breaking, as RegisterLegacyServer is flagged experimental.

Related to https://github.com/zitadel/zitadel/issues/6882
 2024-04-30 20:27:12 +03:00
dependabot[bot]
099081fc1e
chore(deps): bump github.com/rs/cors from 1.10.1 to 1.11.0 (#596) 
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.10.1 to 1.11.0.
- [Commits](https://github.com/rs/cors/compare/v1.10.1...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-26 08:17:21 +00:00
dependabot[bot]
3e329dd049
chore(deps): bump go.opentelemetry.io/otel from 1.25.0 to 1.26.0 (#595) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-26 10:15:22 +02:00
Kotaro Otaka
3512c72f1c
fix: to propagate context (#593) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-04-22 11:40:21 +00:00
dependabot[bot]
79daaf1a7a
chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#592) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-19 20:27:12 +03:00
Kotaro Otaka
68d4e08f6d
feat: Added the ability to verify ID tokens using the value of id_token_signing_alg_values_supported retrieved from DiscoveryEndpoint (#579) 
* feat(rp): to use signing algorithms from discovery configuration (#574)

* feat: WithSigningAlgsFromDiscovery to verify IDTokenVerifier() behavior in RP with
 2024-04-16 08:41:31 +00:00
Ethan Heilman
959376bde7
Fixes typos in GoDoc and comments (#591) 2024-04-16 08:18:32 +00:00
dependabot[bot]
a77d773ca3
chore(deps): bump codecov/codecov-action from 4.2.0 to 4.3.0 (#590) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 08:16:57 +00:00
dependabot[bot]
3fa4891f3e
chore(deps): bump actions/add-to-project from 1.0.0 to 1.0.1 (#589) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 11:15:39 +03:00
Tim Möhlmann
33f8df7eb2
feat(deps): update go-jose to v4 (#588) 
This change updates to go-jose v4, which was a new major release.

jose.ParseSigned now expects the supported signing algorithms to be passed, on which we previously did our own check. As they use a dedicated type for this, the slice of string needs to be converted. The returned error also need to be handled in a non-standard way in order to stay compatible.

For OIDC v4 we should use the jose.SignatureAlgorithm  type directly and wrap errors, instead of returned static defined errors.

Closes #583
 2024-04-11 18:13:30 +03:00
Jan-Otto Kröpke
06f37f84c1
fix: Fail safe, if optional endpoints are not given (#582) 2024-04-09 13:02:31 +00:00