mirror/oidc
1
0
Fork 0
mirror of https://github.com/zitadel/oidc.git synced 2026-04-28 22:19:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
263 Commits 18 Branches 245 Tags
eb10752e485ced36bd996bcb290c6e617f5ea449
Commit Graph

263 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Livio Amstutz eb10752e48 feat: Token Revocation, Request Object and OP Certification (#130) 
FEATURES (and FIXES):
- support OAuth 2.0 Token Revocation [RFC 7009](https://datatracker.ietf.org/doc/html/rfc7009)
- handle request object using `request` parameter [OIDC Core 1.0 Request Object](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject)
- handle response mode
- added some information to the discovery endpoint:
  - revocation_endpoint (added with token revocation) 
  - revocation_endpoint_auth_methods_supported (added with token revocation)
  - revocation_endpoint_auth_signing_alg_values_supported (added with token revocation)
  - token_endpoint_auth_signing_alg_values_supported (was missing)
  - introspection_endpoint_auth_signing_alg_values_supported (was missing)
  - request_object_signing_alg_values_supported (added with request object)
  - request_parameter_supported (added with request object)
 - fixed `removeUserinfoScopes ` now returns the scopes without "userinfo" scopes (profile, email, phone, addedd) [source diff](https://github.com/caos/oidc/pull/130/files#diff-fad50c8c0f065d4dbc49d6c6a38f09c992c8f5d651a479ba00e31b500543559eL170-R171)
- improved error handling (pkg/oidc/error.go) and fixed some wrong OAuth errors (e.g. `invalid_grant` instead of `invalid_request`)
- improved MarshalJSON and added MarshalJSONWithStatus
- removed deprecated PEM decryption from `BytesToPrivateKey`  [source diff](https://github.com/caos/oidc/pull/130/files#diff-fe246e428e399ccff599627c71764de51387b60b4df84c67de3febd0954e859bL11-L19)
- NewAccessTokenVerifier now uses correct (internal) `accessTokenVerifier` [source diff](https://github.com/caos/oidc/pull/130/files#diff-3a01c7500ead8f35448456ef231c7c22f8d291710936cac91de5edeef52ffc72L52-R52)

BREAKING CHANGE:
- move functions from `utils` package into separate packages
- added various methods to the (OP) `Configuration` interface [source diff](https://github.com/caos/oidc/pull/130/files#diff-2538e0dfc772fdc37f057aecd6fcc2943f516c24e8be794cce0e368a26d20a82R19-R32)
- added revocationEndpoint to `WithCustomEndpoints ` [source diff](https://github.com/caos/oidc/pull/130/files#diff-19ae13a743eb7cebbb96492798b1bec556673eb6236b1387e38d722900bae1c3L355-R391)
- remove unnecessary context parameter from JWTProfileExchange [source diff](https://github.com/caos/oidc/pull/130/files#diff-4ed8f6affa4a9631fa8a034b3d5752fbb6a819107141aae00029014e950f7b4cL14)
v1.0.0 		2021-11-02 13:21:35 +01:00
Witold Konior 763d3334e7 feat: Enable parsing email_verified from string. (#139) 
* Enable parsing email_verified from string.

AWS Cognito will return email_verified from /userinfo endpoint as string.
This fix will accept proper boolean values as well as string values.

Links for reference:
https://forums.aws.amazon.com/thread.jspa?messageID=949441&#949441
https://discuss.elastic.co/t/openid-error-after-authenticating-against-aws-cognito/206018/11

* feat: Enable parsing email_verified from string.
v0.16.0 		2021-11-02 09:14:33 +01:00
陈杨文 c45f03e144 fix: allowed ConcatenateJSON with empty input (#138) v0.15.12 2021-10-28 07:06:34 +02:00
Livio Amstutz 55ec7d9dd2 docs: remove implicit and hybrid flow from supported RP features in readme (#136) 
* docs: remove implicit flow from supported features in readme

* docs: remove implicit flow from supported features in readme

Co-authored-by: Florian Forster <florian@caos.ch>

Co-authored-by: Florian Forster <florian@caos.ch>
 2021-10-26 09:15:02 +02:00
jmillerv 292188ba30 docs: fix readme typos (#134) 2021-10-10 19:30:24 +00:00
Livio Amstutz eb38b7aa60 chore: build on fork PRs (#133) 2021-10-08 08:23:53 +02:00
陈杨文 ff2c164057 fix: improve example & fix userinfo marshal (#132) 
* fix: example client should track state, call cli.CodeFlow need context

* fix: oidc userinfo can UnmarshalJSON with address

* rp Discover use client.Discover

* add instruction for example to README.md
v0.15.11 		2021-10-08 08:20:45 +02:00
Livio Amstutz a63fbee93d fix: improve JWS and key verification (#128) 
* fix: improve JWS and key verification

* fix: get remote keys if no cached key matches

* fix: get remote keys if no cached key matches

* fix exactMatch

* fix exactMatch

* chore: change default branch name in .releaserc.js
v0.15.10 		2021-09-14 15:13:44 +02:00
Livio Amstutz 2b5b436c41 Merge pull request #127 from caos/dependabot/github_actions/codecov/codecov-action-2.1.0 
chore(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0
 2021-09-14 07:18:37 +02:00
dependabot[bot] 391b603cce chore(deps): bump codecov/codecov-action from 2.0.3 to 2.1.0 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.3 to 2.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.3...v2.1.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-13 19:01:38 +00:00
Livio Amstutz fcad98f4bd fix: make pkce code_verifier spec compliant #125 
fix: make pkce code_verifier spec compliant #125
v0.15.9 		2021-09-13 14:52:07 +02:00
Timo Volkmann 99812e0b8e pkce: encode code verifier with base64 without padding 
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
 2021-09-13 13:56:38 +02:00
Timo Volkmann af3a497b6d fix: make pkce code_verifier spec compliant #125 
follow recommendations for code_verifier: https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
 2021-09-09 14:33:59 +02:00
Livio Amstutz 3574b211c8 Merge pull request #121 from caos/dependabot/github_actions/codecov/codecov-action-2.0.3 
chore(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3
 2021-09-03 07:19:18 +02:00
dependabot[bot] 353bee9ebe chore(deps): bump codecov/codecov-action from 2.0.2 to 2.0.3 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2.0.2 to 2.0.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2.0.2...v2.0.3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-03 05:18:02 +00:00
Livio Amstutz 3ed3fa5c0a chore: fix sem rel configuration 2021-08-27 15:40:31 +02:00
Livio Amstutz 1bd04e9f36 Merge pull request #117 from caos/workflow 
chore: start improving external contribution
 2021-08-27 15:36:51 +02:00
Livio Amstutz 1a2cc86f3c chore: change default branch name in .releaserc.js 2021-08-27 15:31:54 +02:00
Livio Amstutz a3e5d6ba96 chore: add CONTRIBUTING.md 2021-08-27 15:26:41 +02:00
Livio Amstutz d009df3567 chore: add issue templates 2021-08-27 15:24:24 +02:00
Livio Amstutz 87061e0123 chore: add 1.17 to matrix build 2021-08-27 14:57:48 +02:00
Livio Amstutz b188b2e10e Merge pull request #114 from caos/dependabot/go_modules/golang.org/x/text-0.3.7 
chore(deps): bump golang.org/x/text from 0.3.6 to 0.3.7
 2021-08-27 14:55:19 +02:00
Livio Amstutz 9aa0989dc1 chore: enable workflow on PR from forks 2021-08-27 14:32:41 +02:00
Livio Amstutz 86613007d0 fix: Ease dev host name constraints 
fix: Ease dev host name constraints
v0.15.8 		2021-08-27 14:30:36 +02:00
Beardo Moore 581885afb1 task: Ease dev host name constraints 
This changes the requirements for a issuer hostname to allow anything
that is `http`. The reason for this is because the user of the library
already has to make a conscious decision to set `CAOS_OIDC_DEV` so they
should already understand the risks of not using `https`. The primary
motivation for this change is to allow IdPs to be created in a
containerized integration test environment. Specifically setting up a
docker compose file that starts all parts of the system with a test IdP
using this library where the DNS name will not be `localhost`.
 2021-08-26 20:32:51 +00:00
dependabot[bot] 5c9565c035 chore(deps): bump golang.org/x/text from 0.3.6 to 0.3.7 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.6 to 0.3.7.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.3.6...v0.3.7)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-11 04:03:42 +00:00
dependabot[bot] 84b2ecc60e chore(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0 (#108) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Commits](https://github.com/google/uuid/compare/v1.2.0...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-09 09:29:40 +02:00
dependabot[bot] bd2d17b3f3 chore(deps): bump codecov/codecov-action from 1 to 2.0.2 (#111) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-08-09 09:28:50 +02:00
Florian Forster 3a37300e7a docs: certification comment (#113) 2021-08-03 17:00:24 +02:00
Florian Forster 3a21b04459 chore: code of conduct (#112) 2021-08-03 16:52:16 +02:00
Livio Amstutz 1132c9d93d fix: removeUserinfoScopes return new slice (without manipulating passed one) (#110) v0.15.7 2021-07-21 08:27:38 +02:00
Livio Amstutz 8a35b89815 fix: supported ui locales from config (#107) v0.15.6 2021-07-09 09:20:03 +02:00
Fabi 1392c0ee9a Merge pull request #106 from caos/jwt-profile-storage 
fix: custom claims and sub for jwt profile
v0.15.5 		2021-07-07 08:33:14 +02:00
Livio Amstutz 147c6dca6e fixes 2021-07-06 08:58:35 +02:00
Livio Amstutz 58e27e8073 simplify KeyProvider interface 2021-06-30 14:10:38 +02:00
Livio Amstutz 0b446618c7 custom claims for assertion and jwt profile request 2021-06-23 14:01:31 +02:00
Livio Amstutz e9fc710b1f Merge branch 'master' into jwt-profile-storage 
# Conflicts:
#	pkg/op/verifier_jwt_profile.go
 2021-06-23 13:51:20 +02:00
Livio Amstutz 850faa159d fix: rp verification process (#95) 
* fix: rp verification process

* types

* comments

* fix cli client
v0.15.4 		2021-06-23 11:08:54 +02:00
Livio Amstutz 39fef3e7fb fix: simplify JWTProfileVerifier interface 2021-06-21 14:04:38 +02:00
Livio Amstutz 400f5c4de4 fix: parse max_age and prompt correctly (and change scope type) (#105) 
* fix: parse max_age and prompt correctly (and change scope type)

* remove unnecessary omitempty
v0.15.3 		2021-06-16 08:34:01 +02:00
dependabot[bot] 0591a0d1ef chore(deps): bump github.com/golang/mock from 1.5.0 to 1.6.0 (#104) 
Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/golang/mock/releases)
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang/mock/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/golang/mock
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-14 16:02:48 +02:00
dependabot[bot] 2b58427192 chore(deps): bump gopkg.in/square/go-jose.v2 from 2.5.1 to 2.6.0 (#101) 
Bumps [gopkg.in/square/go-jose.v2](https://github.com/square/go-jose) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/square/go-jose/releases)
- [Commits](https://github.com/square/go-jose/compare/v2.5.1...v2.6.0)

---
updated-dependencies:
- dependency-name: gopkg.in/square/go-jose.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-06-14 16:01:58 +02:00
Florian Forster a2583ad772 docs: improve wording (#103) 2021-06-14 15:59:51 +02:00
Livio Amstutz 3e336a4075 fix: check refresh token grant type (#100) v0.15.2 2021-05-31 11:35:03 +02:00
Fabi 8822aca841 Merge pull request #99 from caos/grant-types 
fix: check grant types and add refresh token to discovery
v0.15.1 		2021-05-31 09:03:02 +02:00
Livio Amstutz 14faebbb77 fix: check grant types and add refresh token to discovery 2021-05-27 13:44:11 +02:00
Livio Amstutz 8e884bdb9f feat: refresh token (#98) 
add missing feature commit and readme update
v0.15.0 		2021-05-18 09:03:11 +02:00
Fabi cd44ff0982 Merge pull request #97 from caos/refresh-token 
feat: refresh token
 2021-05-12 08:44:58 +02:00
Livio Amstutz d362dd7546 handle error 2021-05-11 15:20:22 +02:00
Livio Amstutz 90b87289cb Update pkg/op/token_code.go 
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
 2021-05-11 15:17:10 +02:00