cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
560 commits 8 branches 227 tags 3.4 MiB
Commit graph

560 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Möhlmann
e3e48882df
chore: upgrade to v3 guide (#463) 
* chore: upgrade to v3 guide

first version with sed scripts.

* tidy up introduction info

* process feedback from @muir

* logging chapter

* server interface chapter

* update readme with v3 badges and link to update guide

* resolve comments
 2024-03-05 13:09:14 +00:00
Ayato
5ef597b1db
feat(op): Add response_mode: form_post (#551) 
* feat(op): Add response_mode: form_post

* Fix to parse the template ahead of time

* Fix to render the template in a buffer

* Remove unnecessary import

* Fix test

* Fix example client setting

* Make sure the client not to reuse the content of the response

* Fix error handling

* Add the response_mode param

* Allow implicit flow in the example app

* feat(rp): allow form_post in code exchange callback handler

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
 2024-03-05 15:04:43 +02:00
dependabot[bot]
fc743a69c7
chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#562) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 11:07:48 +01:00
dependabot[bot]
7bac3c6f40
chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#560) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-04 08:10:55 +01:00
Tim Möhlmann
972b8981e5
feat: go 1.22 and slog migration (#557) 
This change adds Go 1.22 as a build target and drops support for Go 1.20 and older. The golang.org/x/exp/slog import is migrated to log/slog.

Slog has been part of the Go standard library since Go 1.21. Therefore we are dropping support for older Go versions. This is in line of our support policy of "the latest two Go versions".
 2024-02-28 10:44:14 +01:00
dependabot[bot]
38c025f7f8
chore(deps): bump codecov/codecov-action from 4.0.1 to 4.1.0 (#559) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.0.1...v4.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 10:09:14 +02:00
dependabot[bot]
385060930d
chore(deps): bump actions/add-to-project from 0.5.0 to 0.6.0 (#558) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-27 10:05:38 +02:00
dependabot[bot]
b93f625088
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2 (#554) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 10:47:11 +02:00
dependabot[bot]
a6a206b021
chore(deps): bump go.opentelemetry.io/otel/trace from 1.23.1 to 1.24.0 (#556) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.1 to 1.24.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.1...v1.24.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-26 10:45:58 +02:00
Jan-Otto Kröpke
f4bbffb51b
feat: Add rp.WithAuthStyle as Option (#546) 
* feat: Add rp.WithAuthStyle as Option

* Update integration_test.go

* Update integration_test.go

* Update integration_test.go
 2024-02-23 12:18:06 +02:00
Jan-Otto Kröpke
b45072a4c0
fix: Set unauthorizedHandler, if not defined (#547) 2024-02-21 12:17:00 +02:00
dependabot[bot]
3e593474e9
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.11 to 5.0.12 (#548) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.11 to 5.0.12.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.11...v5.0.12)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-19 12:14:41 +02:00
Fabi
c5619ab4ff
Merge pull request #544 from zitadel/livio-a-patch-1 
chore: ignore dependabot for board PRs
 2024-02-13 10:53:35 +01:00
dependabot[bot]
da8b73f342
chore(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#542) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 15:16:10 +00:00
dependabot[bot]
1eebaf8d6f
chore(deps): bump go.opentelemetry.io/otel from 1.23.0 to 1.23.1 (#540) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.23.0 to 1.23.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.0...v1.23.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 16:14:46 +01:00
dependabot[bot]
625a4e480d
chore(deps): bump go.opentelemetry.io/otel/trace from 1.23.0 to 1.23.1 (#539) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.23.0 to 1.23.1.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.23.0...v1.23.1)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-09 16:14:24 +01:00
Livio Spring
ee8152f19e
chore: ignore dependabot for board PRs 2024-02-09 16:11:59 +01:00
dependabot[bot]
3ea6173860
chore(deps): bump actions-ecosystem/action-add-labels (#530) 
Bumps [actions-ecosystem/action-add-labels](https://github.com/actions-ecosystem/action-add-labels) from 1.1.0 to 1.1.3.
- [Release notes](https://github.com/actions-ecosystem/action-add-labels/releases)
- [Commits](https://github.com/actions-ecosystem/action-add-labels/compare/v1.1.0...v1.1.3)

---
updated-dependencies:
- dependency-name: actions-ecosystem/action-add-labels
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:30:44 +02:00
dependabot[bot]
34f44325b8
chore(deps): bump go.opentelemetry.io/otel/trace from 1.22.0 to 1.23.0 (#534) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.22.0 to 1.23.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.22.0...v1.23.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:29:38 +02:00
dependabot[bot]
7a45a86452
chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 (#531) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.5...v4.0.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 18:26:46 +02:00
Fabi
0992c5f3ce
Merge pull request #536 from zitadel/livio-a-patch-1 
chore: ignore dependabot for board PRs
 2024-02-07 07:33:07 +01:00
Livio Spring
25e103b243
chore: ignore dependabot for board PRs 2024-02-07 07:30:04 +01:00
Fabi
984346f9ef
chore: remove dependabot prs (#529) 2024-02-02 14:33:52 +01:00
Fabi
2aa8a327f6
chore: update pm board action (#528) 
* chore: update pm board action 

automatically ad prs of non engineers to board and label community prs

* Update issue.yml
 2024-02-02 12:57:41 +02:00
Tim Möhlmann
045b59e5a5
fix(op): allow expired id token hints in authorize (#527) 
Like https://github.com/zitadel/oidc/pull/522 for end session,
this change allows passing an expired ID token hint to the authorize endpoint.
 2024-02-01 13:49:22 +01:00
dependabot[bot]
35d9540fd7
chore(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 (#526) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3.1.4...v3.1.5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-30 11:56:16 +02:00
Tim Möhlmann
e9bd7d7bac
feat(op): split the access and ID token hint verifiers (#525) 
* feat(op): split the access and ID token hint verifiers

In zitadel we require different behaviors wrt public key expiry between access tokens and ID token hints.
This change splits the two verifiers in the OP.
The default is still based on Storage and passed to both verifier fields.

* add new options to tests
 2024-01-26 16:44:50 +01:00
dependabot[bot]
437a0497ab
chore(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 (#523) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-24 13:54:30 +02:00
Tim Möhlmann
b8e520afd0
fix: allow expired ID token hint to end sessions (#522) 
* fix: allow expired ID token hint to end sessions

This change adds a specific error for expired ID Token hints, including too old "issued at" and "max auth age".
The error is returned VerifyIDTokenHint so that the end session handler can choose to ignore this error.

This fixes the behavior to be in line with [OpenID Connect RP-Initiated Logout 1.0, section 4](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling).

* Tes IDTokenHintExpiredError
 2024-01-19 11:30:51 +01:00
dependabot[bot]
3f26eb10ad
chore(deps): bump go.opentelemetry.io/otel/trace from 1.21.0 to 1.22.0 (#520) 
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.21.0 to 1.22.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.21.0...v1.22.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-18 12:26:18 +02:00
Tim Möhlmann
57d04e7465
fix: don't force server errors in legacy server (#517) 
* fix: don't force server errors in legacy server

* fix tests and be more consistent with the returned status code
 2024-01-17 16:06:45 +01:00
Tim Möhlmann
844e2337bb
fix(op): check redirect URI in code exchange (#516) 
This changes fixes a missing redirect check in the Legacy Server's Code Exchange handler.
 2024-01-16 07:18:41 +01:00
Jan-Otto Kröpke
984e31a9e2
feat(rp): Add UnauthorizedHandler (#503) 
* RP: Add UnauthorizedHandler

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* remove race condition

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

* Use optional interface

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

---------

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
 2024-01-09 17:24:05 +02:00
dependabot[bot]
5dcf6de055
chore(deps): bump golang.org/x/oauth2 from 0.15.0 to 0.16.0 (#513) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-09 17:17:04 +02:00
Tim Möhlmann
4d85375702
chore(example): add device package level documentation (#510) 2024-01-08 10:21:28 +01:00
Tim Möhlmann
8923b82142
chore(deps): enable dependabot for the v2 branch (#512) 2024-01-08 10:18:33 +01:00
Jan-Otto Kröpke
e23b1d4754
fix: Implement dedicated error for RevokeToken (#508) 
Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>
 2024-01-08 10:01:34 +02:00
Tim Möhlmann
c37ca25220
feat(op): allow double star globs (#507) 
Related to https://github.com/zitadel/zitadel/issues/5110
 2024-01-05 17:30:17 +02:00
Tim Möhlmann
dce79a73fb
fix(oidc): ignore unknown language tag in userinfo unmarshal (#505) 
* fix(oidc): ignore unknown language tag in userinfo unmarshal

Open system reported an issue where a generic OpenID provider might return language tags like "gb".
These tags are well-formed but unknown and Go returns an error for it.
We already ignored unknown tags is ui_locale arrays lik in AuthRequest.

This change ignores singular unknown tags, like used in the userinfo `locale` claim.

* do not set nil to Locale field
 2023-12-22 10:25:58 +01:00
dependabot[bot]
6a8e144e8d
chore(deps): bump github.com/go-chi/chi/v5 from 5.0.10 to 5.0.11 (#504) 
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) from 5.0.10 to 5.0.11.
- [Release notes](https://github.com/go-chi/chi/releases)
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-chi/chi/compare/v5.0.10...v5.0.11)

---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-20 18:26:55 +02:00
dependabot[bot]
2b35eeb835
chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#502) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 12:15:36 +02:00
dependabot[bot]
e6d41bdd5d
chore(deps): bump github/codeql-action from 2 to 3 (#501) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 11:54:35 +02:00
Tim Möhlmann
b300027cd7
feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
snow
7bdaf9c71d
feat(op): User-configurable claims_supported (#495) 
* User-configurable claims_supported

* Use op.SupportedClaims instead of interface
 2023-12-17 12:06:42 +00:00
dependabot[bot]
bca8833c15
chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 (#499) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-14 11:59:11 +02:00
dependabot[bot]
9c582989d9
chore(deps): bump actions/setup-go from 4 to 5 (#498) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-14 11:58:03 +02:00
Stephen Andary
9d12d1d900
feat(op): PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty (#496) 
* add logic for legacy server pkce verification when auth method is not None, and code verifier is not empty.

* update per Tim's direction
 2023-12-07 17:36:03 +02:00
mffap
ed21cdd4ce
docs: update features client credential grant (#497) 
Introduced with https://github.com/zitadel/oidc/pull/494
 2023-12-06 11:51:24 +02:00
Oleksandr Shepetko
3a4d44cae7
fix(crypto): nil pointer dereference in crypto.BytesToPrivateKey (#491) (#493) 2023-12-05 17:15:59 +02:00
Tim Möhlmann
fe3e02b80a
feat(rp): client credentials grant (#494) 
This change adds Client Credentials grant to the Relying Party.
As specified in [RFC 6749, section 4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4)
 2023-12-05 06:40:16 +01:00