feat: add ZITADEL project id scope (#4146)

* feat: add ZITADEL project id scope * update documentation * documentation * fix scopes * change to lowercase
2025-08-12 01:37:31 +00:00 · 2022-08-09 09:45:59 +02:00
parent 1b5c8677ab
commit 02d2032790
7 changed files with 71 additions and 73 deletions
--- a/internal/domain/auth_request.go
+++ b/internal/domain/auth_request.go
@@ -151,19 +151,6 @@ func (a *AuthRequest) AppendAudIfNotExisting(aud string) {
 	a.Audience = append(a.Audience, aud)
 }

-func (a *AuthRequest) GetScopeProjectIDsForAud() []string {
-	projectIDs := make([]string, 0)
-	switch request := a.Request.(type) {
-	case *AuthRequestOIDC:
-		for _, scope := range request.Scopes {
-			if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
-				projectIDs = append(projectIDs, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
-			}
-		}
-	}
-	return projectIDs
-}
-
 func (a *AuthRequest) GetScopeOrgPrimaryDomain() string {
 	switch request := a.Request.(type) {
 	case *AuthRequestOIDC:
--- a/internal/domain/request.go
+++ b/internal/domain/request.go
@@ -4,6 +4,7 @@ const (
 	OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
 	OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
 	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
+	ProjectIDScopeZITADEL = "zitadel"
 	AudSuffix             = ":aud"
 	SelectIDPScope        = "urn:zitadel:iam:org:idp:id:"
 )
--- a/internal/domain/token.go
+++ b/internal/domain/token.go
@@ -1,9 +1,11 @@
 package domain

 import (
+	"context"
 	"strings"
 	"time"

+	"github.com/zitadel/zitadel/internal/api/authz"
 	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 )

@@ -20,11 +22,16 @@ type Token struct {
 	PreferredLanguage string
 }

-func AddAudScopeToAudience(audience, scopes []string) []string {
+func AddAudScopeToAudience(ctx context.Context, audience, scopes []string) []string {
 	for _, scope := range scopes {
-		if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
-			audience = append(audience, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
+		if !(strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix)) {
+			continue
 		}
+		projectID := strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix)
+		if projectID == ProjectIDScopeZITADEL {
+			projectID = authz.GetInstance(ctx).ProjectID()
+		}
+		audience = append(audience, projectID)
 	}
 	return audience
 }