21e830e275
feat: exclude OTEL instrumentation via build tag ( #770 )
...
* feat: exclude OTEL instrumentation via build tag
* add readme
2025-07-16 11:29:59 +00:00
d09a952410
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.1 to 4.9.0 ( #769 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.8.1 to 4.9.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.1...v4.9.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-version: 4.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-15 08:58:28 +02:00
71b7500c62
fix: Omit empty assertion fields in client creds request ( #745 )
2025-07-02 12:34:13 +00:00
3b0ab8f048
chore(deps): bump github.com/go-chi/chi/v5 in the go_modules group ( #759 )
...
Bumps the go_modules group with 1 update: [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ).
Updates `github.com/go-chi/chi/v5` from 5.2.1 to 5.2.2
- [Release notes](https://github.com/go-chi/chi/releases )
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2 )
---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
dependency-version: 5.2.2
dependency-type: direct:production
dependency-group: go_modules
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-02 13:27:39 +03:00
d6e37fa741
Merge pull request #758 from zitadel/hifabienne-patch-1
...
chore: update issue templates
2025-06-17 14:32:55 +02:00
8e1e5174fd
Delete .github/ISSUE_TEMPLATE/proposal.yaml
2025-06-17 11:17:14 +02:00
5618487a88
Update and rename improvement.yaml to enhancement.yaml
2025-06-17 11:16:34 +02:00
187878de63
update docs issue template, add type
2025-06-17 11:15:26 +02:00
e127c66db2
chore: update issue templates
2025-06-17 11:14:09 +02:00
e1415ef2f3
chore(deps): bump golang.org/x/text from 0.25.0 to 0.26.0 ( #755 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.25.0 to 0.26.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-version: 0.26.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10 09:50:55 +02:00
f94bd541d7
feat: update end session request to pass all params according to specification ( #754 )
...
* feat: update end session request to pass all params according to specification
* register encoder
2025-06-05 13:19:51 +02:00
7d57aaa999
chore(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 ( #751 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.4.2 to 5.4.3.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v5.4.2...v5.4.3 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-20 15:22:02 +03:00
668fb0d37a
chore(deps): bump golang.org/x/text from 0.24.0 to 0.25.0 ( #742 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.24.0 to 0.25.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-version: 0.25.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-08 08:04:53 +02:00
4ed4d257ab
chore(deps): bump golang.org/x/oauth2 from 0.29.0 to 0.30.0 ( #743 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.29.0...v0.30.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-version: 0.30.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-08 08:00:26 +02:00
4f0ed79c0a
fix(op): Add mitigation for PKCE Downgrade Attack ( #741 )
...
* fix(op): Add mitigation for PKCE downgrade attack
* chore(op): add test for PKCE verification
2025-04-29 14:33:31 +00:00
5913c5a074
feat: enhance authentication response handling ( #728 )
...
- Introduced CodeResponseType struct to encapsulate response data.
- Added handleFormPostResponse and handleRedirectResponse functions to manage different response modes.
- Created BuildAuthResponseCodeResponsePayload and BuildAuthResponseCallbackURL functions for better modularity in response generation.
2025-04-29 14:17:28 +00:00
b917cdc2e3
chore(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 ( #737 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.4.0 to 5.4.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v5.4.0...v5.4.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-22 11:13:43 +02:00
cb3ec3ac5f
chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 ( #739 )
...
* chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.36.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.36.0...v0.38.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-version: 0.38.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
* update runner to ubuntu 24.04
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com >
2025-04-22 11:05:39 +02:00
7cc5fb6568
chore(deps): bump golang.org/x/text from 0.23.0 to 0.24.0 ( #733 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.23.0...v0.24.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-version: 0.24.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-09 12:05:26 +00:00
92972fd30f
chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 ( #734 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.28.0 to 0.29.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.28.0...v0.29.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-version: 0.29.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-04-09 15:03:06 +03:00
c51628ea27
feat(op): always verify code challenge when available ( #721 )
...
Finally the RFC Best Current Practice for OAuth 2.0 Security has been approved.
According to the RFC:
> Authorization servers MUST support PKCE [RFC7636].
>
> If a client sends a valid PKCE code_challenge parameter in the authorization request, the authorization server MUST enforce the correct usage of code_verifier at the token endpoint.
Isn’t it time we strengthen PKCE support a bit more?
This PR updates the logic so that PKCE is always verified, even when the Auth Method is not "none".
2025-03-24 18:00:04 +02:00
7096406e71
chore(deps): bump github.com/zitadel/schema from 1.3.0 to 1.3.1 ( #731 )
...
Bumps [github.com/zitadel/schema](https://github.com/zitadel/schema ) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/zitadel/schema/releases )
- [Changelog](https://github.com/zitadel/schema/blob/main/.releaserc.js )
- [Commits](https://github.com/zitadel/schema/compare/v1.3.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/zitadel/schema
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 12:19:20 +02:00
c91db9e47b
chore(deps): bump github.com/zitadel/logging from 0.6.1 to 0.6.2 ( #730 )
...
Bumps [github.com/zitadel/logging](https://github.com/zitadel/logging ) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/zitadel/logging/releases )
- [Changelog](https://github.com/zitadel/logging/blob/main/.releaserc.js )
- [Commits](https://github.com/zitadel/logging/compare/v0.6.1...v0.6.2 )
---
updated-dependencies:
- dependency-name: github.com/zitadel/logging
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-24 12:11:07 +02:00
f648c61cab
Merge pull request #729 from zitadel/update-go-version
...
chore: run 'go mod tidy'
2025-03-23 16:49:50 +00:00
30acdaf63a
chore: run 'go mod tidy'
2025-03-23 16:27:57 +00:00
aeda5d7178
chore(deps): bump golang.org/x/text from 0.22.0 to 0.23.0 ( #723 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.22.0 to 0.23.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.22.0...v0.23.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 10:05:10 +00:00
f3ee647005
chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 ( #727 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.33.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 12:02:56 +02:00
c401ad6cb8
chore(deps): bump golang.org/x/oauth2 from 0.26.0 to 0.28.0 ( #724 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.26.0 to 0.28.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.26.0...v0.28.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-17 07:46:07 +01:00
2c64de821d
chore: updating go to 1.24 ( #726 )
...
* chore: updating go to 1.24
* fixup! chore: updating go to 1.24
* fixup! fixup! chore: updating go to 1.24
* fix device test (drop read error)
* drop older go versions
* drop unrelated formatter changes
---------
Co-authored-by: Iraq Jaber <IraqJaber@gmail.com >
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com >
2025-03-14 16:12:26 +01:00
efd6fdad7a
fix: ignore empty json strings for locale ( #678 )
...
* Revert "fix: ignore all unmarshal errors from locale (#673 )"
This reverts commit fbf009fe75
2025-03-14 10:30:08 +00:00
7a767d8568
feat: add CanGetPrivateClaimsFromRequest interface ( #717 )
2025-03-12 14:00:29 +02:00
eb2f912c5e
chore(deps): bump codecov/codecov-action from 5.3.1 to 5.4.0 ( #722 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.3.1 to 5.4.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v5.3.1...v5.4.0 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-07 16:37:54 +01:00
6a80712fbe
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 ( #716 )
...
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose ) from 4.0.4 to 4.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases )
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md )
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5 )
---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-25 12:00:02 +02:00
4ef9529012
feat: support for session_state ( #712 )
...
* add default signature algorithm
* implements session_state in auth_request.go
* add test
* Update pkg/op/auth_request.go
link to the standard
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com >
* add check_session_iframe
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com >
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com >
2025-02-24 10:50:38 +00:00
eb98343a65
fix: migrate deprecated io/ioutil.ReadFile to os.ReadFile ( #714 )
2025-02-21 09:52:02 +00:00
add254f60c
docs(example): fixed creation of refresh token ( #711 )
...
Signed-off-by: mqf20 <mingqingfoo@gmail.com >
2025-02-19 14:44:34 +02:00
b1e5aca629
docs(example): check and extend refresh token expiration ( #698 )
...
* extend refresh token expiration
* check refresh token expiration
* check refresh token expiration (fixed logic)
* formatting
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com >
2025-02-13 11:48:04 +00:00
c03a8c59ca
docs(example): check access token expiration ( #702 )
2025-02-13 11:34:29 +00:00
37dd41e49b
docs(example): simplified deletion ( #699 )
...
* simplified deletion
* added docs
2025-02-13 11:26:00 +00:00
03e5ff8345
docs(example): add auth time ( #700 )
2025-02-13 11:23:44 +00:00
c3c1bd3a40
chore(deps): bump github.com/go-chi/chi/v5 from 5.2.0 to 5.2.1 ( #706 )
...
Bumps [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/go-chi/chi/releases )
- [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md )
- [Commits](https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1 )
---
updated-dependencies:
- dependency-name: github.com/go-chi/chi/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-05 13:45:18 +02:00
0d46df908e
chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 ( #708 )
...
Bumps [golang.org/x/text](https://github.com/golang/text ) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/golang/text/releases )
- [Commits](https://github.com/golang/text/compare/v0.21.0...v0.22.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/text
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-05 10:11:18 +00:00
4250aad1f7
chore(deps): bump golang.org/x/oauth2 from 0.25.0 to 0.26.0 ( #707 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.25.0 to 0.26.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.25.0...v0.26.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-05 12:08:45 +02:00
8c9a536058
chore(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 ( #703 )
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.1.2 to 5.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v5.1.2...v5.3.1 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-28 10:29:28 +02:00
24c96c361d
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.8.0 to 4.8.1 ( #701 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.8.0...v4.8.1 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-27 17:37:23 +02:00
de2fd41f40
fix: allow native clients to use https:// on localhost redirects ( #691 )
2025-01-17 13:53:19 +00:00
867a4806fd
chore(deps): bump github.com/bmatcuk/doublestar/v4 from 4.7.1 to 4.8.0 ( #696 )
...
Bumps [github.com/bmatcuk/doublestar/v4](https://github.com/bmatcuk/doublestar ) from 4.7.1 to 4.8.0.
- [Release notes](https://github.com/bmatcuk/doublestar/releases )
- [Commits](https://github.com/bmatcuk/doublestar/compare/v4.7.1...v4.8.0 )
---
updated-dependencies:
- dependency-name: github.com/bmatcuk/doublestar/v4
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-17 14:51:01 +01:00
1f6a0d5d89
chore(deps): bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 ( #695 )
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.24.0 to 0.25.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.24.0...v0.25.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-06 10:47:02 +02:00
a0f67c0b4b
feat: add redirect URI-s ENV setting to web clients ( #693 )
...
Co-authored-by: FominykhDG <FominykhDG@cloudx.group >
2025-01-03 08:27:01 +00:00
8d971dcad8
chore: bump dependencies ( #694 )
2024-12-30 12:47:05 +02:00
Jan-Otto Kröpke