* pkg/http: Add `secureCookieFunc` field to CookieHandler.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add `IsRequestAware` method CookieHandler.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Use `secureCookieFunc` when checking a cookie (if set).
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Error on `SetCookie` if cookie handler is request aware.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add method to set request aware cookies.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Add function to create a new request aware cookie handler.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Update `trySetStateCookie` function signature.
  Use `SetRequestAwareCookie` if the cookie handle is request aware. This function signature can be updated because it is not exported.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Add `GenerateAndStoreCodeChallengeWithRequest` function.
  It's not possible to add a `http.Request` argument to `GenerateAndStoreCodeChallenge` as this would be a breaking change. Instead, add a new function that accepts a request argument and call `SetRequestAwareCookie` here.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client/rp: Update PKCE logic to pass request if required by cookie handler.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/http: Don't set MaxAge if cookie handler is request aware.
  The securecookie field can be nil. Expect the caller to set max age on the securecookie returned by the secureCookieFunc.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

* pkg/client: Add integration tests for request aware cookie handling.
  Adds a new type `cookieSpec` which is accepted as an argument to `RunAuthorizationCodeFlow`. `TestRelyingPartySession` now runs with `wrapServer` true/false and with two cookie handlers, one static and one request aware.
  The request aware handler extracts encryption keys from a secret using a salt from a "login_id" cookie.
  Signed-off-by: Mark Laing <mark.laing@canonical.com>

---------

Signed-off-by: Mark Laing <mark.laing@canonical.com>

- profile
- rp
- rs
- tokenexchange
- client.go
- client_test.go
- errors.go
- integration_test.go
- jwt_profile.go
- key.go