mirror/oidc
1
0
Fork 0
mirror of https://github.com/zitadel/oidc.git synced 2026-05-12 21:58:32 -05:00
Code Issues Packages Projects Releases Wiki Activity
366 Commits 18 Branches 245 Tags
1.13.x
Commit Graph

366 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Möhlmann 55acd0013a fix(v1): update all go mod deps (#457) 
* fix(v1): update all go mod deps

In the preparation of the v3 release, this upgrades the deps for v1
for the last time. Users should upgrade to v3 asap after this as we will drop support for v1 alltogether.

* downgrade zitadel/logging
v1.13.5 		2023-10-13 07:47:08 +02:00
Tim Möhlmann a64b97dd5a fix: allow RFC3339 encoded time strings 
Fixes #292
v1.13.4 		2023-03-22 16:04:25 +02:00
Tim Möhlmann 95ffcb5bdc chore: v1 branch auto release v1.13.3 2023-03-22 15:59:14 +02:00
Tim Möhlmann 776115080d fix: security updates or all modules 2023-03-22 15:56:05 +02:00
Tim Möhlmann eb0e9a1b7a chore: v1 branch maintainance releaser 2023-03-22 15:55:50 +02:00
Tim Möhlmann eea2ed1a51 fix: unmarshalling of scopes in access token (#320) 
The Scopes field in accessTokenClaims should be a  SpaceDelimitedArray,
in order to allow for correct unmarshalling.

Fixes #318
v1.13.2 		2023-03-10 09:46:25 +02:00
dependabot[bot] 62f2df7fa3 chore(deps): bump actions/add-to-project from 0.4.0 to 0.4.1 (#294) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-06 14:34:12 +02:00
dependabot[bot] fba465dc83 chore(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#290) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-06 14:31:00 +02:00
David Sharnoff 7e5798569b fix: glob support for RedirectURIs 
Fixes #293
v1.13.1 		2023-03-06 14:13:35 +02:00
Tim Möhlmann 815ced424c readme: update zitdal docs link 
Fixes #286
 2023-02-24 11:04:37 +01:00
Tim Möhlmann c8d61c0858 rp: allow to set custom URL parameters (#273) 
* rp: allow to set prompts in AuthURLHandler

Fixes #241

* rp: configuration for handlers with URL options to call RS

Fixes #265
 2023-02-13 11:28:46 +02:00
dependabot[bot] ff2729cb23 chore(deps): bump golang.org/x/text from 0.6.0 to 0.7.0 (#279) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-13 11:18:18 +02:00
Tim Möhlmann 5633b5518a Merge pull request #269 from muir/doc-client-not-cached 
doc: document lack of client caching
 2023-02-09 12:03:21 +02:00
David Sharnoff d258fc4c29 document lack of client caching 2023-02-08 15:28:27 -08:00
Tim Möhlmann d59ed71446 Merge pull request #258 from zitadel/dependabot/go_modules/golang.org/x/text-0.6.0 
chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0
 2023-02-06 21:23:05 +02:00
dependabot[bot] e59b9259a7 chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 18:35:36 +00:00
Tim Möhlmann 3a6c3543e7 chore: add go 1.20 support (#274) 2023-02-06 10:35:50 +01:00
Tim Möhlmann df5a09f813 chore: switch from iouitil to io.ReadAll (#272) 
removed a TODO: switch to io.ReadAll and drop go1.15 support
 2023-02-06 08:29:25 +01:00
David Sharnoff cdf2af6c2c feat: add CanRefreshTokenInfo to support non-JWT refresh tokens (#244) 
* Add an additional, optional, op.Storage interface so that refresh tokens
that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error

```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWTs work properly.
type CanRefreshTokenInfo interface {
        // GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
	// with a token that is not a refresh token.
	GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```

* add comment suggested in code review

* review feedback: return an error defined in op rather than adding a new error to oidc

* move ErrInvalidRefresToken to op/storage.go
v1.13.0 		2023-02-06 08:27:57 +01:00
Tim Möhlmann fa222c5efb fix: nil pointer dereference on UserInfoAddress (#207) 
* oidc: add test case to reproduce #203

Running the tests will always result in a nil pointer
dereference on UserInfoAddress.

Co-authored-by: Livio Spring <livio.a@gmail.com>

* fix: nil pointer dereference on UserInfoAddress

userinfo.UnmarshalJSON now only sets the Address field
if it was present in the json.
userinfo.GetAddress will always return a non-nil value
of UserInfoAddress to allow for safe chaining of Get functions.

Fixes #203

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
v1.12.2 		2023-02-03 11:14:04 +01:00
Livio Spring 1535ea4f6c chore(examples): improve logging and how to use (#266) 2023-01-25 06:22:12 +01:00
Livio Spring b031c1f297 fix: exchange cors library and add X-Requested-With to Access-Control-Request-Headers (#260) v1.12.1 2023-01-09 10:39:11 +01:00
Fabi 6289fae50d Merge pull request #257 from zitadel/hifabienne-patch-1 
chore: Update issue.yml
 2022-12-29 16:19:11 +01:00
Fabi b6eea1ddda Update issue.yml 2022-12-29 16:03:40 +01:00
dependabot[bot] 205f2c4a30 chore(deps): bump cycjimmy/semantic-release-action from 2 to 3 (#248) 
* chore(deps): bump cycjimmy/semantic-release-action from 2 to 3

Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 2 to 3.
- [Release notes](https://github.com/cycjimmy/semantic-release-action/releases)
- [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/cycjimmy/semantic-release-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: cycjimmy/semantic-release-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update sem rel to work with node 16

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-12-06 10:41:07 +00:00
dependabot[bot] aa7cb56f69 chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#250) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-06 11:37:56 +01:00
dependabot[bot] 2fd92af1f8 chore(deps): bump actions/add-to-project from 0.3.0 to 0.4.0 (#249) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.12.0 		2022-12-06 11:34:54 +01:00
Goran Kovacevic 87a545e60b feat: add missing IntrospectionResponse getters (#251) 2022-12-06 11:34:19 +01:00
Fabi 1bed3e1f57 Merge pull request #247 from enercity/feature/readme 
chore(examples): fix path
 2022-12-06 09:42:01 +01:00
Fabi a757c5d13a Merge pull request #253 from zitadel/livio-a-patch-1 
chore(codeql): update branch name
 2022-12-06 09:36:29 +01:00
Livio Spring 46684fbe0d chore(codeql): update branch name 2022-12-06 09:35:23 +01:00
Michael Holtermann c0f3ef8a66 Add folders to Basic Overview 2022-11-24 15:30:54 +01:00
Florian Forster 356dd89ae4 chore: fix broken codecov default branch (#245) 
* chore: fix broken codecov default branch

* update codecov badge
 2022-11-21 17:41:56 +01:00
David Sharnoff 74e1823392 chore: add an RP/OP integration test (#238) 
* rp/op integration test
do not error if OP does not provide a redirect
working, but with debugging
clean up, remove debugging
support go1.15
attempt to fix coverage calculation

* Update pkg/client/rp/integration_test.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-11-18 07:29:25 +01:00
David Sharnoff 39852f6021 feat: add rp.RevokeToken (#231) 
* feat: add rp.RevokeToken

* add missing lines after conflict resolving

Co-authored-by: Livio Spring <livio.a@gmail.com>
v1.11.0 		2022-11-15 07:35:16 +01:00
dependabot[bot] 0847a5985a chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#236) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.10.0 		2022-11-14 17:02:43 +01:00
dependabot[bot] 0e30c38791 chore(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 (#234) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.8 to 0.4.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.8...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 17:02:22 +01:00
David Sharnoff bd47b5ddc4 feat: support EndSession with RelyingParty client (#230) 
* feat: support EndSession with RelyingPart client

* do not error if OP does not provide a redirect

* undo that last change, but noice error returns from EndSession

* ioutil.ReadAll, for now
 2022-11-14 17:01:19 +01:00
David Sharnoff 4e302ca4da bugfix: access token verifier opts was not used (#237) 2022-11-14 17:00:27 +01:00
Utku Özdemir a314c1483f fix: allow http schema for redirect url for native apps in dev mode (#242) 2022-11-14 16:59:56 +01:00
David Sharnoff 1aa75ec953 feat: allow id token hint verifier to specify algs (#229) 2022-11-14 16:59:33 +01:00
David Sharnoff 89d1c90bf2 fix: WithPath on NewCookieHandler set domain instead! (#240) 2022-11-14 16:58:36 +01:00
Anthony Quéré 0596d83b33 doc: fix zitadel doc uri in the README (#239) 2022-11-03 10:11:15 +00:00
Florian Forster 4ac692bfd8 chore: house cleaning of the caos name and update sec (#232) 
* chore: house cleaning of the caos name and update sec

* some typos

* make fix non breakable

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-10-17 09:13:54 +02:00
David Sharnoff 4bc4bfffe8 add op.AllAuthMethods (#233) 2022-10-17 08:07:19 +02:00
Weny Xu 3a7b2e8eb5 docs(README.md): fix typos 2022-10-17 08:06:41 +02:00
dependabot[bot] 9f71e4c924 chore(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 (#228) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 22:38:10 +02:00
mv-kan 01021e71a0 chore(example): fix listener usage in app example (#224) 2022-10-05 09:36:06 +02:00
David Sharnoff b5da6ec29b chore(linting): apply gofumpt & goimports to all .go files (#225) 2022-10-05 09:33:10 +02:00
David Sharnoff c4b7ef9160 fix: avoid potential race conditions (#220) 
* fix potential race condition during signer update

* avoid potential race conditions with lazy-initializers in OpenIDProvider

* avoid potential race lazy initializers in RelyingParty

* review feedback -- additional potential races

* add pre-calls to NewRelyingPartyOIDC too
v1.9.1 		2022-10-04 07:23:59 +02:00