fix(oidc): roles in service user ID token (#8561)
# Which Problems Are Solved Return the user's project roles when the `urn:zitadel:iam:org:projects:roles` scope is requested. We already returned them for access tokens; now they are also returned in ID tokens. # How the Problems Are Solved Set `idTokenRoleAssertion` to `true` when calling `accessTokenResponseFromSession` for service users. This parameter is normally set from the client config. However, service user authentication does not have a client. # Additional Changes - none # Additional Context - Introduced in https://github.com/zitadel/zitadel/pull/8046 - Closes https://github.com/zitadel/zitadel/issues/8107 Co-authored-by: Livio Spring <livio.a@gmail.com>
@@ -51,5 +51,5 @@ func (s *Server) ClientCredentialsExchange(ctx context.Context, r *op.ClientRequ
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, false, false))
|
return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, true, false))
|
||||||
}
|
}
|
||||||
|
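Review bot: The changed call in ClientCredentialsExchange passes four adjacent positional booleans (`false, true, true, false`), so a reader cannot tell from the line itself which one is the ID-token role-assertion flag the commit title refers to; the same applies to the identical call in the JWTProfile hunk below. Because service users have no client configuration to carry this setting, the hardcoded `true` is an unconditional policy rather than a per-client choice, which deserves a comment at both call sites, e.g. `// service users have no client config; roles are asserted in the ID token whenever the roles scope is requested` (the scope check presumably lives in accessTokenResponseFromSession — confirm). Longer term, named constants or a small options struct for these flags would make the call self-describing and harder to mis-order. Both enclosing functions begin outside the hunk.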
@@ -58,7 +58,7 @@ func (s *Server) JWTProfile(ctx context.Context, r *op.Request[oidc.JWTProfileGr
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, false, false))
|
return response(s.accessTokenResponseFromSession(ctx, client, session, "", "", false, true, true, false))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Server) verifyJWTProfile(ctx context.Context, req *oidc.JWTProfileGrantRequest) (user *query.User, tokenRequest *oidc.JWTTokenRequest, err error) {
|
func (s *Server) verifyJWTProfile(ctx context.Context, req *oidc.JWTProfileGrantRequest) (user *query.User, tokenRequest *oidc.JWTTokenRequest, err error) {
|
||||||
|