dependabot[bot]
9c582989d9
chore(deps): bump actions/setup-go from 4 to 5 ( #498 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 11:58:03 +02:00
Stephen Andary
9d12d1d900
feat(op): PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty ( #496 )
...
* add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.
* update per Tim's direction
2023-12-07 17:36:03 +02:00
mffap
ed21cdd4ce
docs: update features client credential grant ( #497 )
...
Introduced with https://github.com/zitadel/oidc/pull/494
2023-12-06 11:51:24 +02:00
Oleksandr Shepetko
3a4d44cae7
fix(crypto): nil pointer dereference in crypto.BytesToPrivateKey ( #491 ) ( #493 )
2023-12-05 17:15:59 +02:00
Tim Möhlmann
fe3e02b80a
feat(rp): client credentials grant ( #494 )
...
This change adds Client Credentials grant to the Relying Party.
As specified in [RFC 6749, section 4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4 )
2023-12-05 06:40:16 +01:00
dependabot[bot]
4d05eade5e
chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 ( #492 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.14.0...v0.15.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-28 09:59:39 +02:00
Stefan Benz
a8ef8de87b
feat(op): JWT profile verifier with keyset
2023-11-21 10:26:57 +01:00
Jan-Otto Kröpke
7d0cdec925
fix(examples): Offer Storage with non-global client ( #489 )
2023-11-20 14:40:42 +02:00
Kory Prince
7b64687990
feat: Allow CORS policy to be configured ( #484 )
...
* Add configurable CORS policy in OpenIDProvider
* Add configurable CORS policy to Server
* remove duplicated CORS middleware
* Allow nil CORS policy to be set to disable CORS middleware
* create a separate handler on webServer so type assertion works in tests
2023-11-17 15:33:48 +02:00
dependabot[bot]
ce55068aa9
chore(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0 ( #488 )
...
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.20.0...v1.21.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-17 10:03:56 +02:00
Tim Möhlmann
f6bd17e8db
correct comment
2023-11-13 19:28:01 +02:00
Tim Möhlmann
c6b5544516
Merge branch 'main' into perf-introspection
2023-11-13 18:17:09 +02:00
dependabot[bot]
f014796c45
chore(deps): bump go.opentelemetry.io/otel/trace from 1.19.0 to 1.20.0 ( #481 )
...
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...v1.20.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 07:34:53 +01:00
Tim Möhlmann
d88c0ac296
fix(op): export NewProvider to allow customized issuer ( #479 )
2023-11-10 15:26:54 +01:00
Tim Möhlmann
7475023a65
feat(op): issuer from custom headers ( #478 )
2023-11-10 14:18:08 +02:00
Tim Möhlmann
f7a0f7cb0b
feat(op): create a JWT profile with a keyset
2023-11-10 09:36:08 +02:00
dependabot[bot]
0cfc32345a
chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 ( #476 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 16:37:03 +02:00
dependabot[bot]
0ee3079b11
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 ( #475 )
...
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-08 14:07:51 +02:00
dependabot[bot]
60b80a73c4
chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 ( #474 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 09:48:41 +02:00
dependabot[bot]
e260118fb2
chore(deps): bump github.com/gorilla/securecookie from 1.1.1 to 1.1.2 ( #473 )
...
Bumps [github.com/gorilla/securecookie](https://github.com/gorilla/securecookie ) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/gorilla/securecookie/releases )
- [Commits](https://github.com/gorilla/securecookie/compare/v1.1.1...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/gorilla/securecookie
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 09:48:06 +02:00
dependabot[bot]
d58ab6a115
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 ( #470 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-27 15:58:54 +03:00
dependabot[bot]
f6242db78d
chore(deps): bump github.com/zitadel/logging from 0.4.0 to 0.5.0 ( #469 )
...
Bumps [github.com/zitadel/logging](https://github.com/zitadel/logging ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/zitadel/logging/releases )
- [Changelog](https://github.com/zitadel/logging/blob/main/.releaserc.js )
- [Commits](https://github.com/zitadel/logging/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: github.com/zitadel/logging
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-25 09:33:53 +03:00
Tim Möhlmann
73a1982077
fix(server): do not get client by id for introspection ( #467 )
...
As introspection is an OAuth mechanism for resource servers only,
it does not make sense to get an oidc client by ID.
The original OP did not do this and now we make the server behavior similar.
2023-10-24 18:07:20 +03:00
Tim Möhlmann
e5f0dca0e4
fix: build callback url from server, not op ( #468 )
2023-10-24 18:06:04 +03:00
Tim Möhlmann
bab5399859
feat(op): allow Legacy Server extension ( #466 )
...
This change splits the constructor and registration of the Legacy Server.
This allows it to be extended by struct embedding.
2023-10-24 10:20:02 +03:00
Tim Möhlmann
164c5b28c7
fix(op): terminate session from request in legacy server ( #465 )
2023-10-24 10:16:58 +03:00
Tim Möhlmann
ef9477cac0
chore: v2 maintenance releases ( #459 )
2023-10-24 08:29:40 +02:00
mffap
9c0696306f
docs: update security policy ( #464 )
2023-10-23 17:16:48 +03:00
Tim Möhlmann
434b2e62d8
chore(op): upgrade go-chi/chi to v5 ( #462 )
2023-10-16 11:02:56 +02:00
Tim Möhlmann
0dc2a6e7a1
fix(op): return state in token response only for implicit flow ( #460 )
...
* fix(op): return state in token response only for implicit flow
* oops
2023-10-13 12:17:03 +00:00
Tim Möhlmann
976b40620c
Merge pull request #456 from zitadel/next-main
...
Merge next into main in order to release v3. Merge conflicts were handled in an intermediate branch.
BREAKING CHANGE - Just making sure v3 release is triggered.
2023-10-13 08:44:41 +03:00
Tim Möhlmann
d9487ef77d
Merge branch 'next' into next-main
2023-10-12 16:07:49 +03:00
dependabot[bot]
bb115d8f6a
chore(deps): bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 ( #454 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 12:44:59 +03:00
dependabot[bot]
1291bf6881
chore(deps): bump github.com/rs/cors from 1.10.0 to 1.10.1 ( #451 )
...
Bumps [github.com/rs/cors](https://github.com/rs/cors ) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/rs/cors/releases )
- [Commits](https://github.com/rs/cors/compare/v1.10.0...v1.10.1 )
---
updated-dependencies:
- dependency-name: github.com/rs/cors
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 12:41:50 +03:00
Thomas Hipp
e6e3835362
chore: replace interface{} with any ( #448 )
...
This PR replaces all occurrences of interface{} with any to be consistent and improve readability.
* example: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
* pkg/client: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
* pkg/crypto: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
* pkg/http: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
* pkg/oidc: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
* pkg/op: Replace `interface{}` with `any`
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
---------
Signed-off-by: Thomas Hipp <thomashipp@gmail.com>
2023-10-12 12:41:04 +03:00
dependabot[bot]
ceaf2b184d
chore(deps): bump go.opentelemetry.io/otel/trace from 1.18.0 to 1.19.0 ( #449 )
...
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go ) from 1.18.0 to 1.19.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.18.0...v1.19.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 11:55:35 +03:00
dependabot[bot]
8488cb054b
chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 ( #455 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.15.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.15.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 07:56:52 +02:00
Tim Möhlmann
0f8a0585bf
feat(op): Server interface ( #447 )
...
* first draft of a new server interface
* allow any response type
* complete interface docs
* reflect the format from the proposal
* intermediate commit with some methods implemented
* implement remaining token grant type methods
* implement remaining server methods
* error handling
* rewrite auth request validation
* define handlers, routes
* input validation and concrete handlers
* check if client credential client is authenticated
* copy and modify the routes test for the legacy server
* run integration tests against both Server and Provider
* remove unused ValidateAuthRequestV2 function
* unit tests for error handling
* cleanup tokenHandler
* move server routes test
* unit test authorize
* handle client credentials in VerifyClient
* change code exchange route test
* finish http unit tests
* review server interface docs and spelling
* add withClient unit test
* server options
* cleanup unused GrantType method
* resolve typo comments
* make endpoints pointers to enable/disable them
* jwt profile base work
* jwt: correct the test expect
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-09-28 17:30:08 +03:00
dependabot[bot]
47cd8f376d
chore(deps): bump go.opentelemetry.io/otel from 1.17.0 to 1.18.0 ( #445 )
...
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go ) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases )
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.17.0...v1.18.0 )
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-14 16:12:20 +03:00
Tim Möhlmann
364a7591d6
feat: issuer from Forwarded header ( #443 )
2023-09-07 15:25:39 +03:00
dependabot[bot]
607a76c154
chore(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 ( #441 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.11.0...v0.12.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-06 14:53:08 +03:00
dependabot[bot]
61f1925f51
chore(deps): bump github.com/rs/cors from 1.9.0 to 1.10.0 ( #442 )
...
Bumps [github.com/rs/cors](https://github.com/rs/cors ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/rs/cors/releases )
- [Commits](https://github.com/rs/cors/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/rs/cors
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-06 14:52:18 +03:00
dependabot[bot]
0bc75d86ff
chore(deps): bump cycjimmy/semantic-release-action from 3 to 4 ( #438 )
...
Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action ) from 3 to 4.
- [Release notes](https://github.com/cycjimmy/semantic-release-action/releases )
- [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md )
- [Commits](https://github.com/cycjimmy/semantic-release-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: cycjimmy/semantic-release-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-05 00:47:21 +03:00
dependabot[bot]
52a7fff314
chore(deps): bump actions/checkout from 3 to 4 ( #439 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-05 00:46:36 +03:00
Tim Möhlmann
daf82a5e04
chore(deps): migrate jose to go-jose/v3 ( #433 )
...
closes #390
2023-09-01 14:33:16 +03:00
Tim Möhlmann
1683b319ae
feat(op): add opentelemetry to token endpoint ( #436 )
...
* feat(op): add opentelemetry to token endpoint
* drop go 1.18, add 1.21, do not fail fast
2023-09-01 10:53:14 +02:00
David Sharnoff
5ade1cd9de
feat: add typ:JWT header to tokens ( #435 )
2023-08-31 12:47:17 +03:00
Tim Möhlmann
0879c88399
feat: add slog logging ( #432 )
...
* feat(op): use slog for logging
integrate with golang.org/x/exp/slog for logging.
provide a middleware for request scoped logging.
BREAKING CHANGES:
1. OpenIDProvider and sub-interfaces get a Logger()
method to return the configured logger;
2. AuthRequestError now takes the complete Authorizer,
instead of only the encoder. So that it may use its Logger() method.
3. RequestError now takes a Logger as argument.
* use zitadel/logging
* finish op and testing
without middleware for now
* minimum go version 1.19
* update go mod
* log value testing only on go 1.20 or later
* finish the RP and example
* ping logging release
2023-08-29 14:07:45 +02:00
dependabot[bot]
d7e88060be
chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 ( #431 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-23 18:29:03 +02:00
Tim Möhlmann
ce85a8b820
fix(exampleop): pass the issuer interceptor to login ( #430 )
...
* fix(exampleop): pass the issuer interceptor to login
* undo example testing changes
2023-08-21 07:44:33 +02:00