zitadel-oidc

Author	SHA1	Message	Date
Fabi	d693ed0e8c	docs: issue templates	2023-05-31 14:07:04 +02:00
Tim Möhlmann	a4dbe2a973	fix: enforce device authorization grant type (#400 )	2023-05-26 10:52:35 +02:00
Tim Möhlmann	09bdd1dca2	fix: token type from client for device auth (#398 )	2023-05-24 09:39:11 +02:00
dependabot[bot]	941ed10780	chore(deps): bump github.com/sirupsen/logrus from 1.9.1 to 1.9.2 (#394 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.1 to 1.9.2. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.1...v1.9.2) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-24 10:38:47 +03:00
dependabot[bot]	268e72420f	chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#397 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-23 13:37:23 +03:00
Elio Bischof	6a891b3e03	Merge pull request #396 from zitadel/hifabienne-patch-1 chore: add dry to pr template	2023-05-22 09:36:45 +02:00
Fabi	d1dfb284e5	docs: add dry to pr template	2023-05-22 09:21:52 +02:00
dependabot[bot]	e9c1bec01e	chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#395 ) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-19 12:31:23 +03:00
dependabot[bot]	8d0819ee8a	chore(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.1 (#392 ) Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-17 08:12:21 +02:00
Fabi	0b916d9b69	docs: pull request template (#386 ) * docs: pull request template * Rename pull_request_template to pull_request_template.md	2023-05-12 06:57:41 +02:00
dependabot[bot]	50271a9c19	chore(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#391 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0 to 0.8.0. - [Commits](https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-10 18:43:59 +02:00
David Sharnoff	157bc6ceb0	feat: coverage prompt=none, response_mode=fragment (#385 )	2023-05-03 12:56:47 +02:00
David Sharnoff	e62473ba71	chore: improve error message when issuer is invalid (#383 )	2023-05-03 12:09:19 +02:00
Tim Möhlmann	54eb823637	chore: update securty policy to latest versions (#380 )	2023-05-02 11:35:15 +02:00
Tim Möhlmann	edf306219f	chore(rp): add a custom claims test for VerifyIDToken (#375 )	2023-05-02 11:31:30 +02:00
mffap	7997994be4	chore(docs): add oidc link to badge (#382 )	2023-04-26 12:29:35 +03:00
dependabot[bot]	d3359d7c72	chore(deps): bump codecov/codecov-action from 3.1.2 to 3.1.3 (#381 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-26 12:27:55 +03:00
dependabot[bot]	7aa96feb6a	chore(deps): bump codecov/codecov-action from 3.1.1 to 3.1.2 (#373 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3.1.1...v3.1.2) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-18 12:15:21 +03:00
dependabot[bot]	2c7ca3a305	chore(deps): bump github.com/rs/cors from 1.8.3 to 1.9.0 (#369 ) Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.8.3 to 1.9.0. - [Release notes](https://github.com/rs/cors/releases) - [Commits](https://github.com/rs/cors/compare/v1.8.3...v1.9.0) --- updated-dependencies: - dependency-name: github.com/rs/cors dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-14 15:32:02 +03:00
David Sharnoff	f0d46593e0	feat: rp.RefreshAccessToken() now may provide an updated IDToken (#365 )	2023-04-13 16:37:50 +03:00
Tim Möhlmann	8730a1685e	feat: custom endpoint for device authorization (#368 )	2023-04-13 11:25:49 +02:00
Tim Möhlmann	44f8403574	feat: get issuer from context for device auth (#363 ) * feat: get issuer from context for device auth * use distinct UserFormURL and UserFormPath - Properly deprecate UserFormURL and default to old behaviour, to prevent breaking change. - Refactor unit tests to test both cases. * update example	2023-04-11 20:29:17 +02:00
dependabot[bot]	97bc09583d	chore(deps): bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 (#362 ) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/oauth2/releases) - [Commits](https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-10 10:37:08 +03:00
dependabot[bot]	54c87ada6f	chore(deps): bump golang.org/x/text from 0.8.0 to 0.9.0 (#361 ) Bumps [golang.org/x/text](https://github.com/golang/text) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-10 10:35:15 +03:00
Tim Möhlmann	057538d555	fix: resolve nil pointer panic in Authorize (#358 ) When ParseAuthorizeRequest received an invalid URL, for example containing a semi-colon `;`, AuthRequestError used to panic. This was because a typed nil was passed as a interface argument. The nil check inside AuthRequestError always resulted in false, allowing access through the nil pointer. Fixes #315	2023-04-05 10:02:37 +02:00
Livio Spring	c72aa8f9a1	fix: use Form instead of PostForm in ClientIDFromRequest (#360 )	2023-04-04 13:45:30 +02:00
Livio Spring	dc2bdc6202	fix: improve error handling when getting ClientIDFromRequest (#359 )	2023-04-04 12:48:18 +02:00
dependabot[bot]	211b17589e	chore(deps): bump actions/add-to-project from 0.4.1 to 0.5.0 (#357 ) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.4.1 to 0.5.0. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/v0.4.1...v0.5.0) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-04 07:36:29 +02:00
Thomas Hipp	1a2db3683f	fix: Only set GrantType once (#353 ) This fixes an issue where, when using the device authorization flow, the grant type would be set twice. Some OPs don't accept this, and fail when polling. With this fix the grant type is only set once, which will make some OPs happy again. Fixes #352	2023-03-29 07:51:10 +00:00
Tim Möhlmann	b7d18bfd02	chore: document non-standard glob client (#328 ) * op: correct typo rename checkURIAginstRedirects to checkURIAgainstRedirects * chore: document standard deviation when using globs add example on how to toggle the underlying client implementation based on DevMode. --------- Co-authored-by: David Sharnoff <dsharnoff@singlestore.com>	2023-03-28 14:58:57 +03:00
David Sharnoff	e1d50faf9b	fix: do not modify userInfo when marshaling	2023-03-28 12:58:34 +03:00
Tim Möhlmann	be3cc13c27	fix: merge user info claims into id token claims (#349 ) oidc IDTokenClaims.SetUserInfo did not set the claims map from user info. This fix merges the claims map into the IDToken Claims map.	2023-03-27 16:41:09 +03:00
David Sharnoff	c9555c7f1b	feat: add CanSetUserinfoFromRequest interface (#347 )	2023-03-24 18:55:41 +02:00
dependabot[bot]	edc9a1f60d	Merge pull request #340 from zitadel/dependabot/github_actions/actions/setup-go-4	2023-03-23 12:25:50 +00:00
Tim Möhlmann	a08ce50091	fix: correct returned field for JWTTokenRequest JWTTokenRequest.GetIssuedAt() was returning the ExpiresAt field. This change corrects that by returning IssuedAt instead. This bug was introduced in #283	2023-03-21 11:46:42 +02:00
dependabot[bot]	3c1e81e6a6	chore(deps): bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-20 19:59:14 +00:00
Tim Möhlmann	115813ee38	fix: handle the zero cases for oidc.Time	2023-03-20 17:18:11 +02:00
Tim Möhlmann	890a7f3ed4	feat: GetUserinfo helper method for IDTokenClaims (#337 )	2023-03-20 11:06:32 +02:00
dependabot[bot]	bb392314d8	chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.29.0 to 1.29.1. - [Release notes](https://github.com/protocolbuffers/protobuf-go/releases) - [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash) - [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.29.0...v1.29.1) --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-03-17 09:52:16 +02:00
Tim Möhlmann	62caf5dafe	chore: update features in readme - rotated features table for better rendering - add links to specifications in feature table - remove redundant links from the resources section - changed "Token Exhange" feature to full yes (PR #255) - add "Device Authorization" with full yes (PR #285)	2023-03-16 18:44:02 +02:00
Tim Möhlmann	c3775aceaa	Merge pull request #330 from zitadel/main-next Merges the next branch into main, releasing V2.	2023-03-16 15:01:37 +02:00
Tim Möhlmann	0476b5946e	Merge branch 'next' into main-next prepare the merge of next into main by resolving merge conflicts.	2023-03-15 16:26:32 +02:00
Tim Möhlmann	c6820ba88a	fix: unmarshalling of scopes in access token (#327 ) The Scopes field in accessTokenClaims should be a SpaceDelimitedArray, in order to allow for correct unmarshalling. Fixes #318 * adjust test data	2023-03-15 14:44:49 +01:00
Tim Möhlmann	0f3d4f4828	chore: update all modules (#321 )	2023-03-15 15:37:02 +02:00
Tim Möhlmann	26d8e32636	chore: test all routes Co-authored-by: David Sharnoff <dsharnoff@singlestore.com>	2023-03-15 14:32:14 +01:00
Tim Möhlmann	711a194b50	fix: allow RFC3339 encoded time strings Fixes #292	2023-03-15 15:18:33 +02:00
Tim Möhlmann	dea8bc96ea	refactor: use struct types for claim related types (#283 ) * oidc: add regression tests for token claim json this helps to verify that the same JSON is produced, after these types are refactored. * refactor: use struct types for claim related types BREAKING CHANGE: The following types are changed from interface to struct type: - AccessTokenClaims - IDTokenClaims - IntrospectionResponse - UserInfo and related types. The following methods of OPStorage now take a pointer to a struct type, instead of an interface: - SetUserinfoFromScopes - SetUserinfoFromToken - SetIntrospectionFromToken The following functions are now generic, so that type-safe extension of Claims is now possible: - op.VerifyIDTokenHint - op.VerifyAccessToken - rp.VerifyTokens - rp.VerifyIDToken - Changed UserInfoAddress to pointer in UserInfo and IntrospectionResponse. This was needed to make omitempty work correctly. - Copy or merge maps in IntrospectionResponse and SetUserInfo * op: add example for VerifyAccessToken * fix: rp: wrong assignment in WithIssuedAtMaxAge WithIssuedAtMaxAge assigned its value to v.maxAge, which was wrong. This change fixes that by assiging the duration to v.maxAgeIAT. * rp: add VerifyTokens example * oidc: add standard references to: - IDTokenClaims - IntrospectionResponse - UserInfo * only count coverage for `./pkg/...`	2023-03-10 16:31:22 +02:00
Tim Möhlmann	eea2ed1a51	fix: unmarshalling of scopes in access token (#320 ) The Scopes field in accessTokenClaims should be a SpaceDelimitedArray, in order to allow for correct unmarshalling. Fixes #318	2023-03-10 09:46:25 +02:00
Tim Möhlmann	4bd2b742f9	chore: remove unused context in NewOpenIDProvider BREAKING CHANGE: - op.NewOpenIDProvider - op.NewDynamicOpenIDProvider The call chain of above functions did not use the context anywhere. This change removes the context from those fucntion arguments.	2023-03-08 16:49:12 +02:00
dependabot[bot]	62f2df7fa3	chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#294 ) Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.4.0 to 0.4.1. - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/v0.4.0...v0.4.1) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-06 14:34:12 +02:00

1 2 3 4 5 ...

424 commits