Tim Möhlmann
972b8981e5
feat: go 1.22 and slog migration ( #557 )
...
This change adds Go 1.22 as a build target and drops support for Go 1.20 and older. The golang.org/x/exp/slog import is migrated to log/slog.
Slog has been part of the Go standard library since Go 1.21. Therefore we are dropping support for older Go versions. This is in line with our support policy of "the latest two Go versions".
2024-02-28 10:44:14 +01:00
Tim Möhlmann
d9487ef77d
Merge branch 'next' into next-main
2023-10-12 16:07:49 +03:00
Tim Möhlmann
0879c88399
feat: add slog logging ( #432 )
...
* feat(op): use slog for logging
integrate with golang.org/x/exp/slog for logging.
provide a middleware for request scoped logging.
BREAKING CHANGES:
1. OpenIDProvider and sub-interfaces get a Logger()
method to return the configured logger;
2. AuthRequestError now takes the complete Authorizer,
instead of only the encoder. So that it may use its Logger() method.
3. RequestError now takes a Logger as argument.
* use zitadel/logging
* finish op and testing
without middleware for now
* minimum go version 1.19
* update go mod
* log value testing only on go 1.20 or later
* finish the RP and example
* ping logging release
2023-08-29 14:07:45 +02:00
David Sharnoff
157bc6ceb0
feat: coverage prompt=none, response_mode=fragment ( #385 )
2023-05-03 12:56:47 +02:00
Giulio Ruggeri
e43ac6dfdf
fix: modify ACRValues parameter type to space separated strings ( #388 )
...
Co-authored-by: Giulio Ruggeri <giulio.ruggeri@posteitaliane.it>
2023-05-03 10:27:28 +00:00
David Sharnoff
b5da6ec29b
chore(linting): apply gofumpt & goimports to all .go files ( #225 )
2022-10-05 09:33:10 +02:00
Livio Amstutz
eb10752e48
feat: Token Revocation, Request Object and OP Certification ( #130 )
...
FEATURES (and FIXES):
- support OAuth 2.0 Token Revocation [RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009)
- handle request object using `request` parameter [OIDC Core 1.0 Request Object](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject)
- handle response mode
- added some information to the discovery endpoint:
  - revocation_endpoint (added with token revocation)
  - revocation_endpoint_auth_methods_supported (added with token revocation)
  - revocation_endpoint_auth_signing_alg_values_supported (added with token revocation)
  - token_endpoint_auth_signing_alg_values_supported (was missing)
  - introspection_endpoint_auth_signing_alg_values_supported (was missing)
  - request_object_signing_alg_values_supported (added with request object)
  - request_parameter_supported (added with request object)
- fixed `removeUserinfoScopes` now returns the scopes without "userinfo" scopes (profile, email, phone, address) [source diff](https://github.com/caos/oidc/pull/130/files#diff-fad50c8c0f065d4dbc49d6c6a38f09c992c8f5d651a479ba00e31b500543559eL170-R171)
- improved error handling (pkg/oidc/error.go) and fixed some wrong OAuth errors (e.g. `invalid_grant` instead of `invalid_request`)
- improved MarshalJSON and added MarshalJSONWithStatus
- removed deprecated PEM decryption from `BytesToPrivateKey` [source diff](https://github.com/caos/oidc/pull/130/files#diff-fe246e428e399ccff599627c71764de51387b60b4df84c67de3febd0954e859bL11-L19)
- NewAccessTokenVerifier now uses correct (internal) `accessTokenVerifier` [source diff](https://github.com/caos/oidc/pull/130/files#diff-3a01c7500ead8f35448456ef231c7c22f8d291710936cac91de5edeef52ffc72L52-R52)
BREAKING CHANGE:
- move functions from `utils` package into separate packages
- added various methods to the (OP) `Configuration` interface [source diff](https://github.com/caos/oidc/pull/130/files#diff-2538e0dfc772fdc37f057aecd6fcc2943f516c24e8be794cce0e368a26d20a82R19-R32)
- added revocationEndpoint to `WithCustomEndpoints` [source diff](https://github.com/caos/oidc/pull/130/files#diff-19ae13a743eb7cebbb96492798b1bec556673eb6236b1387e38d722900bae1c3L355-R391)
- remove unnecessary context parameter from JWTProfileExchange [source diff](https://github.com/caos/oidc/pull/130/files#diff-4ed8f6affa4a9631fa8a034b3d5752fbb6a819107141aae00029014e950f7b4cL14)
2021-11-02 13:21:35 +01:00
Livio Amstutz
400f5c4de4
fix: parse max_age and prompt correctly (and change scope type) ( #105 )
...
* fix: parse max_age and prompt correctly (and change scope type)
* remove unnecessary omitempty
2021-06-16 08:34:01 +02:00
Livio Amstutz
542ec6ed7b
refactoring
2020-09-25 16:41:25 +02:00
adlerhurst
a731a46ccf
fix: aud
2020-09-10 16:24:48 +02:00
adlerhurst
7700cb3539
fix: implement storage
2020-09-10 15:43:21 +02:00
Livio Amstutz
a37a8461a5
lot of unfinished changes
2020-09-08 16:07:49 +02:00
Livio Amstutz
6a0dd7c270
Merge branch 'master' into service-accounts
...
# Conflicts:
# pkg/oidc/authorization.go
2020-09-07 12:36:10 +02:00
Livio Amstutz
abd3b6f521
fix: handle single aud string claim, extract en/decoder interface, comments ( #51 )
...
* en/decoding abstraction
* some comments
* fix token validation and error messages
* fix: audience mapping (single aud string)
* fix tests with VerifyIdToken
* reformat imports
* go mod tidy
* Update pkg/oidc/authorization.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update pkg/oidc/authorization.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* Update pkg/op/authrequest_test.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix capitalization
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2020-09-07 12:32:35 +02:00
adlerhurst
7a109a763d
feat: service account token exchange
2020-09-02 17:52:22 +02:00
Livio Amstutz
6d0890e280
initial commit
2020-01-31 15:22:16 +01:00