Tim Möhlmann
a1a6c199f6
jwt: correct the test expect
2023-09-28 16:48:45 +03:00
Livio Spring
0200c2302f
jwt profile base work
2023-09-28 14:34:49 +02:00
Tim Möhlmann
af22c1a4d8
make endpoints pointers to enable/disable them
2023-09-27 18:09:00 +03:00
Tim Möhlmann
f6cb47fbbb
resolve typo comments
2023-09-27 10:03:03 +03:00
Tim Möhlmann
c6f6a8800d
cleanup unused GrantType method
2023-09-25 20:07:08 +03:00
Tim Möhlmann
a49ad31735
server options
2023-09-25 20:02:11 +03:00
Tim Möhlmann
e9c494041c
add withClient unit test
2023-09-25 19:32:01 +03:00
Tim Möhlmann
abb0bb0d09
review server interface docs and spelling
2023-09-25 18:58:09 +03:00
Tim Möhlmann
d17e452122
finish http unit tests
2023-09-25 18:18:40 +03:00
Tim Möhlmann
f9a4b82b3b
change code exchange route test
2023-09-25 12:18:14 +03:00
Tim Möhlmann
b7cbe15ced
handle client credentials in VerifyClient
2023-09-25 12:06:25 +03:00
Tim Möhlmann
d27be590c4
unit test authorize
2023-09-22 16:52:32 +03:00
Tim Möhlmann
a88181b611
move server routes test
2023-09-22 14:44:34 +03:00
Tim Möhlmann
b12bb7a1f1
cleanup tokenHandler
2023-09-22 14:40:56 +03:00
Tim Möhlmann
57e8b19a8b
unit tests for error handling
2023-09-22 10:02:11 +03:00
Tim Möhlmann
6f45991600
remove unused ValidateAuthRequestV2 function
2023-09-22 07:57:42 +03:00
Tim Möhlmann
46839e095b
run integration tests against both Server and Provider
2023-09-21 19:15:03 +03:00
Tim Möhlmann
af2d2942a1
copy and modify the routes test for the legacy server
2023-09-21 18:13:38 +03:00
Tim Möhlmann
c98291a6a7
check if client credential client is authenticated
2023-09-21 12:19:03 +03:00
Tim Möhlmann
aae3492f7b
input validation and concrete handlers
2023-09-20 21:45:06 +03:00
Tim Möhlmann
81d42b061d
define handlers, routes
2023-09-13 19:13:53 +03:00
Tim Möhlmann
fe3f98a4f9
rewrite auth request validation
2023-09-13 18:03:50 +03:00
Tim Möhlmann
f4dac05713
error handling
2023-09-12 11:17:59 +03:00
Tim Möhlmann
6993769f06
implement remaining server methods
2023-09-11 17:34:27 +03:00
Tim Möhlmann
2b08c53e49
implement remaining token grant type methods
2023-09-11 16:31:31 +03:00
Tim Möhlmann
2902a81161
intermediate commit with some methods implemented
2023-09-08 10:42:27 +03:00
Tim Möhlmann
4fcda01738
reflect the format from the proposal
2023-09-06 15:59:56 +03:00
Tim Möhlmann
c340ed9ed5
complete interface docs
2023-09-05 00:28:03 +03:00
Tim Möhlmann
cf3a87c4c3
allow any response type
2023-09-05 00:05:09 +03:00
Tim Möhlmann
d6a9c0bbb9
first draft of a new server interface
2023-09-04 23:33:51 +03:00
Tim Möhlmann
daf82a5e04
chore(deps): migrate jose to go-jose/v3 ( #433 )
closes #390
2023-09-01 14:33:16 +03:00
Tim Möhlmann
0879c88399
feat: add slog logging ( #432 )
* feat(op): use slog for logging
integrate with golang.org/x/exp/slog for logging.
provide a middleware for request scoped logging.
BREAKING CHANGES:
1. OpenIDProvider and sub-interfaces get a Logger()
method to return the configured logger;
2. AuthRequestError now takes the complete Authorizer,
instead of only the encoder. So that it may use its Logger() method.
3. RequestError now takes a Logger as argument.
* use zitadel/logging
* finish op and testing
without middleware for now
* minimum go version 1.19
* update go mod
* log value testing only on go 1.20 or later
* finish the RP and example
* ping logging release
2023-08-29 14:07:45 +02:00
Tim Möhlmann
6708ef4c24
feat(rp): return oidc.Tokens on token refresh ( #423 )
BREAKING CHANGE:
- rename RefreshAccessToken to RefreshToken
- RefreshToken returns *oidc.Tokens instead of *oauth2.Token
This change allows the return of the id_token in an explicit manner,
as part of the oidc.Tokens struct.
The return type is now consistent with the CodeExchange function.
When an id_token is returned, it is verified.
In case no id_token was received,
RefreshTokens will not return an error.
As per specification:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse
Upon successful validation of the Refresh Token,
the response body is the Token Response of Section 3.1.3.3
except that it might not contain an id_token.
Closes #364
2023-08-18 14:36:39 +02:00
Tim Möhlmann
e8262cbf1f
chore: cleanup unneeded device storage methods ( #399 )
BREAKING CHANGE, removes methods from DeviceAuthorizationStorage:
- GetDeviceAuthorizationByUserCode
- CompleteDeviceAuthorization
- DenyDeviceAuthorization
The methods are now moved to examples as something similar can be
useful for implementers.
2023-05-26 10:06:33 +02:00
Tim Möhlmann
d5a9bd6d0e
feat: generic Userinfo and Introspect functions ( #389 )
BREAKING CHANGE: rp.Userinfo and rs.Introspect now require
a type parameter.
2023-05-05 12:36:37 +00:00
Giulio Ruggeri
e43ac6dfdf
fix: modify ACRValues parameter type to space separated strings ( #388 )
Co-authored-by: Giulio Ruggeri <giulio.ruggeri@posteitaliane.it>
2023-05-03 10:27:28 +00:00
Tim Möhlmann
a446f4f9da
Merge pull request #374 from zitadel/main-to-next
chore: merge main into next
2023-05-02 17:40:20 +03:00
Tim Möhlmann
8dff7ddee0
Merge branch 'main' into main-to-next
2023-04-18 12:32:04 +03:00
dependabot[bot]
7aa96feb6a
chore(deps): bump codecov/codecov-action from 3.1.1 to 3.1.2 ( #373 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.1...v3.1.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-18 12:15:21 +03:00
dependabot[bot]
2c7ca3a305
chore(deps): bump github.com/rs/cors from 1.8.3 to 1.9.0 ( #369 )
Bumps [github.com/rs/cors](https://github.com/rs/cors ) from 1.8.3 to 1.9.0.
- [Release notes](https://github.com/rs/cors/releases )
- [Commits](https://github.com/rs/cors/compare/v1.8.3...v1.9.0 )
---
updated-dependencies:
- dependency-name: github.com/rs/cors
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-14 15:32:02 +03:00
David Sharnoff
f0d46593e0
feat: rp.RefreshAccessToken() now may provide an updated IDToken ( #365 )
2023-04-13 16:37:50 +03:00
Thomas Hipp
312c2a07e2
fix: Only set GrantType once ( #353 ) ( #367 )
This fixes an issue where, when using the device authorization flow, the
grant type would be set twice. Some OPs don't accept this, and fail when
polling.
With this fix the grant type is only set once, which will make some OPs
happy again.
Fixes #352
2023-04-13 16:04:58 +03:00
Tim Möhlmann
8730a1685e
feat: custom endpoint for device authorization ( #368 )
2023-04-13 11:25:49 +02:00
Tim Möhlmann
44f8403574
feat: get issuer from context for device auth ( #363 )
* feat: get issuer from context for device auth
* use distinct UserFormURL and UserFormPath
- Properly deprecate UserFormURL and default to old behaviour,
to prevent breaking change.
- Refactor unit tests to test both cases.
* update example
2023-04-11 20:29:17 +02:00
dependabot[bot]
97bc09583d
chore(deps): bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 ( #362 )
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/oauth2/releases )
- [Commits](https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 10:37:08 +03:00
dependabot[bot]
54c87ada6f
chore(deps): bump golang.org/x/text from 0.8.0 to 0.9.0 ( #361 )
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-10 10:35:15 +03:00
Tim Möhlmann
057538d555
fix: resolve nil pointer panic in Authorize ( #358 )
When ParseAuthorizeRequest received an invalid URL,
for example containing a semi-colon `;`,
AuthRequestError used to panic.
This was because a typed nil was passed as an interface argument.
The nil check inside AuthRequestError always resulted in false,
allowing access through the nil pointer.
Fixes #315
2023-04-05 10:02:37 +02:00
Livio Spring
c72aa8f9a1
fix: use Form instead of PostForm in ClientIDFromRequest ( #360 )
2023-04-04 13:45:30 +02:00
Livio Spring
dc2bdc6202
fix: improve error handling when getting ClientIDFromRequest ( #359 )
2023-04-04 12:48:18 +02:00
dependabot[bot]
211b17589e
chore(deps): bump actions/add-to-project from 0.4.1 to 0.5.0 ( #357 )
Bumps [actions/add-to-project](https://github.com/actions/add-to-project ) from 0.4.1 to 0.5.0.
- [Release notes](https://github.com/actions/add-to-project/releases )
- [Commits](https://github.com/actions/add-to-project/compare/v0.4.1...v0.5.0 )
---
updated-dependencies:
- dependency-name: actions/add-to-project
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-04 07:36:29 +02:00