mirror/oidc
1
0
Fork 0
mirror of https://github.com/zitadel/oidc.git synced 2026-04-26 12:38:16 -05:00
Code Issues Packages Projects Releases Wiki Activity
607 Commits 9 Branches 245 Tags
v3.25.0
Commit Graph

607 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tim Möhlmann a7b5355580 feat(op): allow scope without openid (#613) 
This changes removes the requirement of the openid scope to be set for all token requests.
As this library also support OAuth2-only authentication mechanisms we still want to sanitize requested scopes, but not enforce the openid scope.

Related to https://github.com/zitadel/zitadel/discussions/8068
v3.25.0 		2024-06-13 08:16:46 +02:00
dependabot[bot] 9ecdd0cf9a chore(deps): bump golang.org/x/oauth2 from 0.20.0 to 0.21.0 (#611) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-07 08:16:06 +00:00
dependabot[bot] 7a8f8ade4d chore(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 (#612) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.15.0 to 0.16.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-07 10:14:04 +02:00
dependabot[bot] 7037344cf4 --- (#610) 
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-27 10:23:36 +02:00
dependabot[bot] 7714a3b113 --- (#609) 
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-21 12:56:32 +02:00
minami yoshihiko 8a47532a8e feat: add default signature algorithms (#606) v3.24.0 2024-05-17 10:17:54 +00:00
dependabot[bot] 7437309a42 chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.1 to 4.0.2 (#608) 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.1...v4.0.2)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-17 10:56:21 +02:00
dependabot[bot] 6d1231cb37 chore(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 (#604) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-07 07:58:56 +02:00
dependabot[bot] 20d0f189a8 chore(deps): bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#601) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-05-06 06:44:21 +00:00
dependabot[bot] 30184ae054 chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 (#600) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-05-06 06:41:53 +00:00
Yuval Marcus 5a84d8c4bc fix: Omit non-standard, empty fields in RefreshTokenRequest when performing a token refresh (#599) 
* Add omitempty tags

* Add omitempty to more fields
v3.23.2 		2024-05-06 08:13:52 +02:00
Yuval Marcus 24d43f538e fix: Handle case where verifier Nonce func is nil (#594) 
* Skip nonce check if verifier nonce func is nil

* add unit test
v3.23.1 		2024-05-02 09:46:12 +02:00
Tim Möhlmann 37ca0e472a feat(op): authorize callback handler as argument in legacy server registration (#598) 
This change requires an additional argument to the op.RegisterLegacyServer constructor which passes the Authorize Callback Handler.
This allows implementations to use their own handler instead of the one provided by the package.
The current handler is exported for legacy behavior.

This change is not considered breaking, as RegisterLegacyServer is flagged experimental.

Related to https://github.com/zitadel/zitadel/issues/6882
v3.23.0 		2024-04-30 20:27:12 +03:00
dependabot[bot] 099081fc1e chore(deps): bump github.com/rs/cors from 1.10.1 to 1.11.0 (#596) 
Bumps [github.com/rs/cors](https://github.com/rs/cors) from 1.10.1 to 1.11.0.
- [Commits](https://github.com/rs/cors/compare/v1.10.1...v1.11.0)

---
updated-dependencies:
- dependency-name: github.com/rs/cors
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-26 08:17:21 +00:00
dependabot[bot] 3e329dd049 chore(deps): bump go.opentelemetry.io/otel from 1.25.0 to 1.26.0 (#595) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.25.0 to 1.26.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.25.0...v1.26.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-26 10:15:22 +02:00
Kotaro Otaka 3512c72f1c fix: to propagate context (#593) 
Co-authored-by: Livio Spring <livio.a@gmail.com>
v3.22.1 		2024-04-22 11:40:21 +00:00
dependabot[bot] 79daaf1a7a chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 (#592) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-19 20:27:12 +03:00
Kotaro Otaka 68d4e08f6d feat: Added the ability to verify ID tokens using the value of id_token_signing_alg_values_supported retrieved from DiscoveryEndpoint (#579) 
* feat(rp): to use signing algorithms from discovery configuration (#574)

* feat: WithSigningAlgsFromDiscovery to verify IDTokenVerifier() behavior in RP with
v3.22.0 		2024-04-16 08:41:31 +00:00
Ethan Heilman 959376bde7 Fixes typos in GoDoc and comments (#591) 2024-04-16 08:18:32 +00:00
dependabot[bot] a77d773ca3 chore(deps): bump codecov/codecov-action from 4.2.0 to 4.3.0 (#590) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.2.0...v4.3.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 08:16:57 +00:00
dependabot[bot] 3fa4891f3e chore(deps): bump actions/add-to-project from 1.0.0 to 1.0.1 (#589) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v1.0.0...v1.0.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-16 11:15:39 +03:00
Tim Möhlmann 33f8df7eb2 feat(deps): update go-jose to v4 (#588) 
This change updates to go-jose v4, which was a new major release.

jose.ParseSigned now expects the supported signing algorithms to be passed, on which we previously did our own check. As they use a dedicated type for this, the slice of string needs to be converted. The returned error also need to be handled in a non-standard way in order to stay compatible.

For OIDC v4 we should use the jose.SignatureAlgorithm  type directly and wrap errors, instead of returned static defined errors.

Closes #583
v3.21.0 		2024-04-11 18:13:30 +03:00
Jan-Otto Kröpke 06f37f84c1 fix: Fail safe, if optional endpoints are not given (#582) v3.20.1 2024-04-09 13:02:31 +00:00
dependabot[bot] 8a21d38136 chore(deps): bump codecov/codecov-action from 4.1.1 to 4.2.0 (#585) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.1...v4.2.0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-09 12:39:36 +03:00
Célian GARCIA e75a061807 feat: support verification_url workaround for DeviceAuthorizationResponse unmarshal (#577) v3.20.0 2024-04-08 13:43:31 +00:00
dependabot[bot] 33485b82ba chore(deps): bump go.opentelemetry.io/otel from 1.24.0 to 1.25.0 (#584) 
Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-08 10:57:09 +03:00
dependabot[bot] 370738772a chore(deps): bump golang.org/x/oauth2 from 0.18.0 to 0.19.0 (#580) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-08 10:52:08 +03:00
Livio Spring a3b73a6950 chore(workflow): fix action/add-to-project version (#578) 2024-04-03 19:32:50 +03:00
dependabot[bot] 5cdb65c30b chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.0 (#575) 
* chore(deps): bump actions/add-to-project from 0.6.1 to 1.0.0

Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.1 to 1.0.0.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.1...v1.0.0)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update issue.yml

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
 2024-04-02 06:22:36 +00:00
dependabot[bot] d729c22526 chore(deps): bump codecov/codecov-action from 4.1.0 to 4.1.1 (#576) 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.0...v4.1.1)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-02 07:58:28 +02:00
Célian GARCIA c89d0ed970 feat: return oidc.Error in case of call token failure (#571) v3.19.0 2024-04-01 13:55:22 +00:00
dependabot[bot] 910f55ea7b chore(deps): bump actions/add-to-project from 0.6.0 to 0.6.1 (#572) 
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-26 07:15:38 +01:00
Tim Möhlmann 56397f88d5 feat(oidc): add actor claim to introspection response (#570) 
With impersonation we assign an actor claim to our JWT/ID Tokens. This change adds the actor claim to the introspection response to follow suit.

This PR also adds the `auth_time` and `amr` claims for consistency.
v3.18.0 		2024-03-18 11:36:16 +01:00
Tim Möhlmann 4d63d68c9e feat(op): allow setting the actor to Token Requests (#569) 
For impersonation token exchange we need to persist the actor throughout token requests, including refresh token.
This PR adds the optional TokenActorRequest interface which allows to pass such actor.
v3.17.0 		2024-03-14 06:57:44 +00:00
dependabot[bot] 9afc07c0cb chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#568) 
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-14 06:55:56 +00:00
Silvan aae9c86f1a Merge pull request #564 from zitadel/extend-tracing 
feat(op): extend tracing for more detailed spans
feat(client): add possibility of tracing client calls
v3.16.0 		2024-03-14 07:53:57 +01:00
adlerhurst 565a022e91 Merge branch 'extend-tracing' of https://github.com/zitadel/oidc into extend-tracing 2024-03-14 07:51:35 +01:00
adlerhurst 03f3bc693b fix test 2024-03-14 07:50:29 +01:00
Silvan 0ffd13c780 Merge branch 'main' into extend-tracing 2024-03-13 15:45:19 +01:00
adlerhurst 1b94f796eb move tracer to client, 
add tracing in rs, client
 2024-03-13 15:45:03 +01:00
Tim Möhlmann ad79802968 feat: extend token exchange response (#567) 
* feat: extend token exchange response

This change adds fields to the token exchange and token claims types.

The `act` claim has been added to describe the actor in case of impersonation or delegation. An actor can be nested in case an obtained token is used as actor token to obtain impersonation or delegation. This allows creating a chain of actors. See [RFC 8693, section 4.1](https://www.rfc-editor.org/rfc/rfc8693#name-act-actor-claim).

The `id_token` field has been added to the Token Exchange response  so an ID Token can be returned along with an access token. This is not specified in RFC 8693, but it allows us be consistent with OpenID responses when the scope `openid` is set, while the requested token type may remain access token.

* allow jwt profile for token exchange client

* add invalid target error
v3.15.0 		2024-03-13 16:26:09 +02:00
dependabot[bot] 1532a5c78b chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 (#566) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.2...v3.0.3)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-08 07:35:47 +01:00
adlerhurst 0fe7c3307f fix parse 2024-03-07 15:25:23 +01:00
adlerhurst 7069813ec7 correct span names 2024-03-07 10:44:24 +01:00
adlerhurst 88209ac11d fix tests 2024-03-06 19:08:48 +01:00
adlerhurst bdcccc3303 feat(client): tracing in rp 2024-03-06 18:39:27 +01:00
adlerhurst d18aba8cb3 feat(rp): extend tracing 2024-03-06 18:38:37 +01:00
Tim Möhlmann e3e48882df chore: upgrade to v3 guide (#463) 
* chore: upgrade to v3 guide

first version with sed scripts.

* tidy up introduction info

* process feedback from @muir

* logging chapter

* server interface chapter

* update readme with v3 badges and link to update guide

* resolve comments
 2024-03-05 13:09:14 +00:00
Ayato 5ef597b1db feat(op): Add response_mode: form_post (#551) 
* feat(op): Add response_mode: form_post

* Fix to parse the template ahead of time

* Fix to render the template in a buffer

* Remove unnecessary import

* Fix test

* Fix example client setting

* Make sure the client not to reuse the content of the response

* Fix error handling

* Add the response_mode param

* Allow implicit flow in the example app

* feat(rp): allow form_post in code exchange callback handler

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
v3.14.0 		2024-03-05 15:04:43 +02:00
dependabot[bot] fc743a69c7 chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#562) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-03-05 11:07:48 +01:00