mirror/oidc
1
0
Fork 0
mirror of https://github.com/zitadel/oidc.git synced 2026-04-24 11:38:18 -05:00
Code Issues Packages Projects Releases Wiki Activity
358 Commits 9 Branches 245 Tags
7e5798569b48f70971d3abf0ce92bbd109bcb61b
Commit Graph

358 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Sharnoff 7e5798569b fix: glob support for RedirectURIs 
Fixes #293
v1.13.1 		2023-03-06 14:13:35 +02:00
Tim Möhlmann 815ced424c readme: update zitdal docs link 
Fixes #286
 2023-02-24 11:04:37 +01:00
Tim Möhlmann c8d61c0858 rp: allow to set custom URL parameters (#273) 
* rp: allow to set prompts in AuthURLHandler

Fixes #241

* rp: configuration for handlers with URL options to call RS

Fixes #265
 2023-02-13 11:28:46 +02:00
dependabot[bot] ff2729cb23 chore(deps): bump golang.org/x/text from 0.6.0 to 0.7.0 (#279) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.6.0...v0.7.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-13 11:18:18 +02:00
Tim Möhlmann 5633b5518a Merge pull request #269 from muir/doc-client-not-cached 
doc: document lack of client caching
 2023-02-09 12:03:21 +02:00
David Sharnoff d258fc4c29 document lack of client caching 2023-02-08 15:28:27 -08:00
Tim Möhlmann d59ed71446 Merge pull request #258 from zitadel/dependabot/go_modules/golang.org/x/text-0.6.0 
chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0
 2023-02-06 21:23:05 +02:00
dependabot[bot] e59b9259a7 chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 18:35:36 +00:00
Tim Möhlmann 3a6c3543e7 chore: add go 1.20 support (#274) 2023-02-06 10:35:50 +01:00
Tim Möhlmann df5a09f813 chore: switch from iouitil to io.ReadAll (#272) 
removed a TODO: switch to io.ReadAll and drop go1.15 support
 2023-02-06 08:29:25 +01:00
David Sharnoff cdf2af6c2c feat: add CanRefreshTokenInfo to support non-JWT refresh tokens (#244) 
* Add an additional, optional, op.Storage interface so that refresh tokens
that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error

```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWTs work properly.
type CanRefreshTokenInfo interface {
        // GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
	// with a token that is not a refresh token.
	GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```

* add comment suggested in code review

* review feedback: return an error defined in op rather than adding a new error to oidc

* move ErrInvalidRefresToken to op/storage.go
v1.13.0 		2023-02-06 08:27:57 +01:00
Tim Möhlmann fa222c5efb fix: nil pointer dereference on UserInfoAddress (#207) 
* oidc: add test case to reproduce #203

Running the tests will always result in a nil pointer
dereference on UserInfoAddress.

Co-authored-by: Livio Spring <livio.a@gmail.com>

* fix: nil pointer dereference on UserInfoAddress

userinfo.UnmarshalJSON now only sets the Address field
if it was present in the json.
userinfo.GetAddress will always return a non-nil value
of UserInfoAddress to allow for safe chaining of Get functions.

Fixes #203

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
v1.12.2 		2023-02-03 11:14:04 +01:00
Livio Spring 1535ea4f6c chore(examples): improve logging and how to use (#266) 2023-01-25 06:22:12 +01:00
Livio Spring b031c1f297 fix: exchange cors library and add X-Requested-With to Access-Control-Request-Headers (#260) v1.12.1 2023-01-09 10:39:11 +01:00
Fabi 6289fae50d Merge pull request #257 from zitadel/hifabienne-patch-1 
chore: Update issue.yml
 2022-12-29 16:19:11 +01:00
Fabi b6eea1ddda Update issue.yml 2022-12-29 16:03:40 +01:00
dependabot[bot] 205f2c4a30 chore(deps): bump cycjimmy/semantic-release-action from 2 to 3 (#248) 
* chore(deps): bump cycjimmy/semantic-release-action from 2 to 3

Bumps [cycjimmy/semantic-release-action](https://github.com/cycjimmy/semantic-release-action) from 2 to 3.
- [Release notes](https://github.com/cycjimmy/semantic-release-action/releases)
- [Changelog](https://github.com/cycjimmy/semantic-release-action/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/cycjimmy/semantic-release-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: cycjimmy/semantic-release-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update sem rel to work with node 16

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-12-06 10:41:07 +00:00
dependabot[bot] aa7cb56f69 chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 (#250) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-06 11:37:56 +01:00
dependabot[bot] 2fd92af1f8 chore(deps): bump actions/add-to-project from 0.3.0 to 0.4.0 (#249) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.12.0 		2022-12-06 11:34:54 +01:00
Goran Kovacevic 87a545e60b feat: add missing IntrospectionResponse getters (#251) 2022-12-06 11:34:19 +01:00
Fabi 1bed3e1f57 Merge pull request #247 from enercity/feature/readme 
chore(examples): fix path
 2022-12-06 09:42:01 +01:00
Fabi a757c5d13a Merge pull request #253 from zitadel/livio-a-patch-1 
chore(codeql): update branch name
 2022-12-06 09:36:29 +01:00
Livio Spring 46684fbe0d chore(codeql): update branch name 2022-12-06 09:35:23 +01:00
Michael Holtermann c0f3ef8a66 Add folders to Basic Overview 2022-11-24 15:30:54 +01:00
Florian Forster 356dd89ae4 chore: fix broken codecov default branch (#245) 
* chore: fix broken codecov default branch

* update codecov badge
 2022-11-21 17:41:56 +01:00
David Sharnoff 74e1823392 chore: add an RP/OP integration test (#238) 
* rp/op integration test
do not error if OP does not provide a redirect
working, but with debugging
clean up, remove debugging
support go1.15
attempt to fix coverage calculation

* Update pkg/client/rp/integration_test.go

Co-authored-by: Livio Spring <livio.a@gmail.com>

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-11-18 07:29:25 +01:00
David Sharnoff 39852f6021 feat: add rp.RevokeToken (#231) 
* feat: add rp.RevokeToken

* add missing lines after conflict resolving

Co-authored-by: Livio Spring <livio.a@gmail.com>
v1.11.0 		2022-11-15 07:35:16 +01:00
dependabot[bot] 0847a5985a chore(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#236) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v1.10.0 		2022-11-14 17:02:43 +01:00
dependabot[bot] 0e30c38791 chore(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 (#234) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.8 to 0.4.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.8...v0.4.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 17:02:22 +01:00
David Sharnoff bd47b5ddc4 feat: support EndSession with RelyingParty client (#230) 
* feat: support EndSession with RelyingPart client

* do not error if OP does not provide a redirect

* undo that last change, but noice error returns from EndSession

* ioutil.ReadAll, for now
 2022-11-14 17:01:19 +01:00
David Sharnoff 4e302ca4da bugfix: access token verifier opts was not used (#237) 2022-11-14 17:00:27 +01:00
Utku Özdemir a314c1483f fix: allow http schema for redirect url for native apps in dev mode (#242) 2022-11-14 16:59:56 +01:00
David Sharnoff 1aa75ec953 feat: allow id token hint verifier to specify algs (#229) 2022-11-14 16:59:33 +01:00
David Sharnoff 89d1c90bf2 fix: WithPath on NewCookieHandler set domain instead! (#240) 2022-11-14 16:58:36 +01:00
Anthony Quéré 0596d83b33 doc: fix zitadel doc uri in the README (#239) 2022-11-03 10:11:15 +00:00
Florian Forster 4ac692bfd8 chore: house cleaning of the caos name and update sec (#232) 
* chore: house cleaning of the caos name and update sec

* some typos

* make fix non breakable

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update SECURITY.md

Co-authored-by: Livio Spring <livio.a@gmail.com>

Co-authored-by: Livio Spring <livio.a@gmail.com>
 2022-10-17 09:13:54 +02:00
David Sharnoff 4bc4bfffe8 add op.AllAuthMethods (#233) 2022-10-17 08:07:19 +02:00
Weny Xu 3a7b2e8eb5 docs(README.md): fix typos 2022-10-17 08:06:41 +02:00
dependabot[bot] 9f71e4c924 chore(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 (#228) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.7...v0.3.8)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 22:38:10 +02:00
mv-kan 01021e71a0 chore(example): fix listener usage in app example (#224) 2022-10-05 09:36:06 +02:00
David Sharnoff b5da6ec29b chore(linting): apply gofumpt & goimports to all .go files (#225) 2022-10-05 09:33:10 +02:00
David Sharnoff c4b7ef9160 fix: avoid potential race conditions (#220) 
* fix potential race condition during signer update

* avoid potential race conditions with lazy-initializers in OpenIDProvider

* avoid potential race lazy initializers in RelyingParty

* review feedback -- additional potential races

* add pre-calls to NewRelyingPartyOIDC too
v1.9.1 		2022-10-04 07:23:59 +02:00
David Sharnoff 749c30491b chore: Make example/server usable for tests (#205) 
* internal -> storage; split users into an interface

* move example/server/*.go to example/server/exampleop/

* export all User fields

* storage -> Storage

* example server now passes tests
 2022-09-30 07:44:10 +02:00
David Sharnoff 62daf4cc42 feat: add WithPath CookieHandlerOpt (#217) v1.9.0 2022-09-30 07:40:05 +02:00
David Sharnoff 328d0e1251 feat: add access token verifier ops to openidProvider (#221) 2022-09-30 07:39:40 +02:00
David Sharnoff 2d248b1a1a fix: Change op.tokenHandler to follow the same pattern as the rest of the endpoint handlers (#210) 
inside op: provide a standard endpoint handler that uses injected data.
 2022-09-30 07:39:23 +02:00
Florian Forster 29904e9446 chore: add notice file to explicit state the copyright (#215) v1.8.1 2022-09-30 07:28:54 +02:00
David Sharnoff 88a98c03ea fix: rp.RefreshAccessToken did not work (#216) 
* oidc.RefreshTokenRequest cannot be used to in a request to refresh tokens
because it does not explicitly include grant_types.

* fix merge issue

* undo accidental formatting changes
 2022-09-30 07:28:31 +02:00
David Sharnoff 4b4b0e49e0 chore: update jwtProfileKeySet to match actual use (#219) 2022-09-30 07:24:47 +02:00
David Sharnoff c0badf2329 chore: additional errors and error improvements that catch problems earlier 2022-09-30 07:18:48 +02:00