zitadel-oidc/pkg/op
Tim Möhlmann b8e520afd0
fix: allow expired ID token hint to end sessions (#522)
* fix: allow expired ID token hint to end sessions

This change adds a specific error for expired ID Token hints, including too old "issued at" and "max auth age".
The error is returned by VerifyIDTokenHint so that the end session handler can choose to ignore this error.

This fixes the behavior to be in line with [OpenID Connect RP-Initiated Logout 1.0, section 4](https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ValidationAndErrorHandling).

* Test IDTokenHintExpiredError
2024-01-19 11:30:51 +01:00
mock feat(op): allow double star globs (#507) 2024-01-05 17:30:17 +02:00
applicationtype_enumer.go chore: add enumer for iota-defined types (#197) 2022-07-25 20:06:49 +02:00
auth_request.go fix: don't force server errors in legacy server (#517) 2024-01-17 16:06:45 +01:00
auth_request_test.go feat(op): allow double star globs (#507) 2024-01-05 17:30:17 +02:00
client.go feat(op): allow double star globs (#507) 2024-01-05 17:30:17 +02:00
client_test.go chore: replace gorilla/schema with zitadel/schema (#348) 2023-03-28 14:57:27 +03:00
config.go feat(op): issuer from custom headers (#478) 2023-11-10 14:18:08 +02:00
config_test.go feat(op): issuer from custom headers (#478) 2023-11-10 14:18:08 +02:00
context.go chore: test all routes 2023-03-15 14:32:14 +01:00
context_test.go feat(op): dynamic issuer depending on request / host (#278) 2023-02-09 17:10:22 +01:00
crypto.go upgrade this module to v3 2023-03-20 13:38:21 +02:00
device.go feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
device_test.go feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
discovery.go feat(op): User-configurable claims_supported (#495) 2023-12-17 12:06:42 +00:00
discovery_test.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
endpoint.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
endpoint_test.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
error.go fix: don't force server errors in legacy server (#517) 2024-01-17 16:06:45 +01:00
error_test.go fix: don't force server errors in legacy server (#517) 2024-01-17 16:06:45 +01:00
keys.go chore(deps): migrate jose to go-jose/v3 (#433) 2023-09-01 14:33:16 +03:00
keys_test.go chore(deps): migrate jose to go-jose/v3 (#433) 2023-09-01 14:33:16 +03:00
op.go feat(op): User-configurable claims_supported (#495) 2023-12-17 12:06:42 +00:00
op_test.go feat(op): User-configurable claims_supported (#495) 2023-12-17 12:06:42 +00:00
probes.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
server.go fix(server): do not get client by id for introspection (#467) 2023-10-24 18:07:20 +03:00
server_http.go feat: Allow CORS policy to be configured (#484) 2023-11-17 15:33:48 +02:00
server_http_routes_test.go feat(op): allow Legacy Server extension (#466) 2023-10-24 10:20:02 +03:00
server_http_test.go fix: don't force server errors in legacy server (#517) 2024-01-17 16:06:45 +01:00
server_legacy.go fix: don't force server errors in legacy server (#517) 2024-01-17 16:06:45 +01:00
server_test.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
session.go fix: allow expired ID token hint to end sessions (#522) 2024-01-19 11:30:51 +01:00
signer.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
storage.go feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
token.go feat(op): ID token for device authorization grant (#500) 2023-12-18 08:39:39 +01:00
token_client_credentials.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_code.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_exchange.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_intospection.go fix(server): do not get client by id for introspection (#467) 2023-10-24 18:07:20 +03:00
token_jwt_profile.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_refresh.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_request.go Merge branch 'next' into next-main 2023-10-12 16:07:49 +03:00
token_revocation.go feat(op): Server interface (#447) 2023-09-28 17:30:08 +03:00
userinfo.go feat: merge the verifier types (#336) 2023-03-22 19:18:41 +02:00
verifier_access_token.go feat: merge the verifier types (#336) 2023-03-22 19:18:41 +02:00
verifier_access_token_example_test.go upgrade this module to v3 2023-03-20 13:38:21 +02:00
verifier_access_token_test.go feat: merge the verifier types (#336) 2023-03-22 19:18:41 +02:00
verifier_id_token_hint.go fix: allow expired ID token hint to end sessions (#522) 2024-01-19 11:30:51 +01:00
verifier_id_token_hint_test.go fix: allow expired ID token hint to end sessions (#522) 2024-01-19 11:30:51 +01:00
verifier_jwt_profile.go correct comment 2023-11-13 19:28:01 +02:00
verifier_jwt_profile_test.go feat: merge the verifier types (#336) 2023-03-22 19:18:41 +02:00