cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
588 commits 8 branches 227 tags 3.4 MiB
Commit graph

588 commits

This branch
This branch
All branches
Author SHA1 Message Date
Fabi
984346f9ef
chore: remove dependabot prs (#529) 2024-02-02 14:33:52 +01:00
Fabi
2aa8a327f6
chore: update pm board action (#528) 
* chore: update pm board action 

automatically ad prs of non engineers to board and label community prs

* Update issue.yml
 2024-02-02 12:57:41 +02:00
Tim Möhlmann
045b59e5a5
fix(op): allow expired id token hints in authorize (#527) 
Like https://github.com/zitadel/oidc/pull/522 for end session,
this change allows passing an expired ID token hint to the authorize endpoint.
 2024-02-01 13:49:22 +01:00
dependabot[bot]
35d9540fd7
chore(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#526) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 11:56:16 +02:00
Tim Möhlmann
e9bd7d7bac
feat(op): split the access and ID token hint verifiers (#525) 
* feat(op): split the access and ID token hint verifiers

In zitadel we require different behaviors wrt public key expiry between access tokens and ID token hints.
This change splits the two verifiers in the OP.
The default is still based on Storage and passed to both verifier fields.

* add new options to tests
 2024-01-26 16:44:50 +01:00
dependabot[bot]
437a0497ab
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#523) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 13:54:30 +02:00
Tim Möhlmann
b8e520afd0
fix: allow expired ID token hint to end sessions (#522) 
* fix: allow expired ID token hint to end sessions

This change adds a specific error for expired ID Token hints, including too old "issued at" and "max auth age".
The error is returned VerifyIDTokenHint so that the end session handler can choose to ignore this error.

This fixes the behavior to be in line with [OpenID Connect RP-Initiated Logout 1.0, section 4](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling).

* Tes IDTokenHintExpiredError
 2024-01-19 11:30:51 +01:00
dependabot[bot]
3f26eb10ad
chore(deps): bump go.opentelemetry.io/otel/trace from 1.21.0 to 1.22.0 (#520) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-18 12:26:18 +02:00
Tim Möhlmann
57d04e7465
fix: don't force server errors in legacy server (#517) 
* fix: don't force server errors in legacy server

* fix tests and be more consistent with the returned status code
 2024-01-17 16:06:45 +01:00
Tim Möhlmann
844e2337bb
fix(op): check redirect URI in code exchange (#516) 
This changes fixes a missing redirect check in the Legacy Server's Code Exchange handler.
 2024-01-16 07:18:41 +01:00
Jan-Otto Kröpke
984e31a9e2
feat(rp): Add UnauthorizedHandler (#503) 
* RP: Add UnauthorizedHandler

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* remove race condition

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* Use optional interface

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

---------

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
 2024-01-09 17:24:05 +02:00
dependabot[bot]
5dcf6de055
chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#513) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 17:17:04 +02:00
Tim Möhlmann
4d85375702
chore(example): add device package level documentation (#510) 2024-01-08 10:21:28 +01:00
Tim Möhlmann
8923b82142
chore(deps): enable dependabot for the v2 branch (#512) 2024-01-08 10:18:33 +01:00
Jan-Otto Kröpke
e23b1d4754
fix: Implement dedicated error for RevokeToken (#508) 
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
 2024-01-08 10:01:34 +02:00
Tim Möhlmann
c37ca25220
feat(op): allow double star globs (#507) 
Related to https://github.com/zitadel/zitadel/issues/5110
 2024-01-05 17:30:17 +02:00
Tim Möhlmann
dce79a73fb
fix(oidc): ignore unknown language tag in userinfo unmarshal (#505) 
* fix(oidc): ignore unknown language tag in userinfo unmarshal

Open system reported an issue where a generic OpenID provider might return language tags like "gb".
These tags are well-formed but unknown and Go returns an error for it.
We already ignored unknown tags is ui_locale arrays lik in AuthRequest.

This change ignores singular unknown tags, like used in the userinfo `locale` claim.

* do not set nil to Locale field
 2023-12-22 10:25:58 +01:00
dependabot[bot]
6a8e144e8d
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.10 to 5.0.11 (#504) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.10 to 5.0.11.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.10...v5.0.11)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-20 18:26:55 +02:00
dependabot[bot]
2b35eeb835
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#502) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 12:15:36 +02:00
dependabot[bot]
e6d41bdd5d
chore(deps): bump github/codeql-action from 2 to 3 (#501) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 11:54:35 +02:00
Tim Möhlmann
b300027cd7
feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
snow
7bdaf9c71d
feat(op): User-configurable claims_supported (#495) 
* User-configurable claims_supported

* Use op.SupportedClaims instead of interface
 2023-12-17 12:06:42 +00:00
dependabot[bot]
bca8833c15
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#499) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-14 11:59:11 +02:00
dependabot[bot]
9c582989d9
chore(deps): bump actions/setup-go from 4 to 5 (#498) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-14 11:58:03 +02:00
Stephen Andary
9d12d1d900
feat(op): PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty (#496) 
* add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.

* update per Tim's direction
 2023-12-07 17:36:03 +02:00
mffap
ed21cdd4ce
docs: update features client credential grant (#497) 
Introduced with https://github.com/zitadel/oidc/pull/494
 2023-12-06 11:51:24 +02:00
Oleksandr Shepetko
3a4d44cae7
fix(crypto): nil pointer dereference in crypto.BytesToPrivateKey (#491) (#493) 2023-12-05 17:15:59 +02:00
Tim Möhlmann
fe3e02b80a
feat(rp): client credentials grant (#494) 
This change adds Client Credentials grant to the Relying Party.
As specified in [RFC 6749, section 4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
 2023-12-05 06:40:16 +01:00
dependabot[bot]
4d05eade5e
chore(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#492) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.14.0 to 0.15.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 09:59:39 +02:00
Stefan Benz
a8ef8de87b
feat(op): JWT profile verifier with keyset 
feat(op): JWT profile verifier with keyset
 2023-11-21 10:26:57 +01:00
Jan-Otto Kröpke
7d0cdec925
fix(examples): Offer Storage with non-global client (#489) 2023-11-20 14:40:42 +02:00
Kory Prince
7b64687990
feat: Allow CORS policy to be configured (#484) 
* Add configurable CORS policy in OpenIDProvider

* Add configurable CORS policy to Server

* remove duplicated CORS middleware

* Allow nil CORS policy to be set to disable CORS middleware

* create a separate handler on webServer so type assertion works in tests
 2023-11-17 15:33:48 +02:00
dependabot[bot]
ce55068aa9
chore(deps): bump go.opentelemetry.io/otel from 1.20.0 to 1.21.0 (#488) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.20.0 to 1.21.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.20.0...v1.21.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-17 10:03:56 +02:00
Tim Möhlmann
f6bd17e8db correct comment 2023-11-13 19:28:01 +02:00
Tim Möhlmann
c6b5544516 Merge branch 'main' into perf-introspection 2023-11-13 18:17:09 +02:00
dependabot[bot]
f014796c45
chore(deps): bump go.opentelemetry.io/otel/trace from 1.19.0 to 1.20.0 (#481) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.19.0 to 1.20.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.19.0...v1.20.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-13 07:34:53 +01:00
Tim Möhlmann
d88c0ac296
fix(op): export NewProvider to allow customized issuer (#479) 2023-11-10 15:26:54 +01:00
Tim Möhlmann
7475023a65
feat(op): issuer from custom headers (#478) 2023-11-10 14:18:08 +02:00
Tim Möhlmann
f7a0f7cb0b feat(op): create a JWT profile with a keyset 2023-11-10 09:36:08 +02:00
dependabot[bot]
0cfc32345a
chore(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (#476) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.13.0 to 0.14.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-09 16:37:03 +02:00
dependabot[bot]
0ee3079b11
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#475) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-08 14:07:51 +02:00
dependabot[bot]
60b80a73c4
chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#474) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to 0.14.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.13.0...v0.14.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 09:48:41 +02:00
dependabot[bot]
e260118fb2
chore(deps): bump github.com/gorilla/securecookie from 1.1.1 to 1.1.2 (#473) 
Bumps [github.com/gorilla/securecookie](https://github.com/gorilla/securecookie) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/gorilla/securecookie/releases)
- [Commits](https://github.com/gorilla/securecookie/compare/v1.1.1...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/gorilla/securecookie
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 09:48:06 +02:00
dependabot[bot]
d58ab6a115
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#470) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-27 15:58:54 +03:00
dependabot[bot]
f6242db78d
chore(deps): bump github.com/zitadel/logging from 0.4.0 to 0.5.0 (#469) 
Bumps [github.com/zitadel/logging](https://github.com/zitadel/logging) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/zitadel/logging/releases)
- [Changelog](https://github.com/zitadel/logging/blob/main/.releaserc.js)
- [Commits](https://github.com/zitadel/logging/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/zitadel/logging
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-10-25 09:33:53 +03:00
Tim Möhlmann
73a1982077
fix(server): do not get client by id for introspection (#467) 
As introspection is a Oauth mechanism for resource servers only,
it does not make sense to get an oidc client by ID.
The original OP did not do this and now we make the server behavior similar.
 2023-10-24 18:07:20 +03:00
Tim Möhlmann
e5f0dca0e4
fix: build callback url from server, not op (#468) 2023-10-24 18:06:04 +03:00
Tim Möhlmann
bab5399859
feat(op): allow Legacy Server extension (#466) 
This change splits the constructor and registration of the Legacy Server.
This allows it to be extended by struct embedding.
 2023-10-24 10:20:02 +03:00
Tim Möhlmann
164c5b28c7
fix(op): terminate session from request in legacy server (#465) 2023-10-24 10:16:58 +03:00
Tim Möhlmann
ef9477cac0
chore: v2 maintenance releases (#459) 2023-10-24 08:29:40 +02:00