fix: improvements for login and oidc (#227)

* add csrf * caching * caching * caching * caching * security headers * csp and security headers * error handler csp * select user with display name * csp * user selection styling * username to loginname * regenerate grpc * regenerate * change to login name
2025-08-11 18:17:35 +00:00 · 2020-06-17 08:06:40 +02:00
parent dfe6d0deb4
commit 1c59d18fee
108 changed files with 19226 additions and 19220 deletions
--- a/cmd/zitadel/caos_local.sh
+++ b/cmd/zitadel/caos_local.sh
@@ -24,6 +24,7 @@ export ZITADEL_USER_VERIFICATION_KEY=UserVerificationKey_1
 export ZITADEL_OTP_VERIFICATION_KEY=OTPVerificationKey_1
 export ZITADEL_OIDC_KEYS_ID=OIDCKey_1
 export ZITADEL_COOKIE_KEY=CookieKey_1
+export ZITADEL_CSRF_KEY=CookieKey_1

 # Notifications
 export DEBUG_MODE=TRUE
@@ -47,6 +48,13 @@ export ZITADEL_CONSOLE=http://localhost:4200
 export CAOS_OIDC_DEV=true
 export ZITADEL_COOKIE_DOMAIN=localhost

+#CSRF
+export ZITADEL_CSRF_DEV=true
+
+#CACHE
+export ZITADEL_CACHE_MAXAGE=12h
+export ZITADEL_CACHE_SHARED_MAXAGE=168h
+
 #Console
 export ZITADEL_CONSOLE_ENV_DIR=../../console/src/assets/

--- a/cmd/zitadel/startup.yaml
+++ b/cmd/zitadel/startup.yaml
@@ -66,6 +66,9 @@ Auth:
        Domain: $ZITADEL_COOKIE_DOMAIN
        Key:
          EncryptionKeyID: $ZITADEL_COOKIE_KEY
+      Cache:
+        MaxAge: $ZITADEL_CACHE_MAXAGE
+        SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE
      Endpoints:
        Auth:
          Path: 'authorize'
@@ -129,6 +132,14 @@ Login:
    ZitadelURL: '$ZITADEL_CONSOLE'
    LanguageCookieName: 'caos.zitadel.login.lang'
    DefaultLanguage: 'de'
+    CSRF:
+      CookieName: 'caos.zitadel.login.csrf'
+      Key:
+        EncryptionKeyID: $ZITADEL_CSRF_KEY
+      Development: $ZITADEL_CSRF_DEV
+    Cache:
+      MaxAge: $ZITADEL_CACHE_MAXAGE
+      SharedMaxAge: $ZITADEL_CACHE_SHARED_MAXAGE


 AuthZ: