Merge branch 'main' into api-user-profile-requests

README.md

@@ -28,10 +28,6 @@
         <img src="./docs/static/logos/oidc-cert.png" /></a>
 </p>
 
-|Community Meeting|
-|------------------|
-|ZITADEL holds bi-weekly community calls. To join the community calls or to watch previous meeting notes and recordings, please visit the [meeting schedule](https://github.com/zitadel/zitadel/blob/main/MEETING_SCHEDULE.md).|
-
 Are you searching for a user management tool that is quickly set up like Auth0 and open source like Keycloak?
 
 Do you have a project that requires multi-tenant user management with self-service for your customers?

internal/api/oidc/auth_request.go

@@ -46,6 +46,11 @@ func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest
 	headers, _ := http_utils.HeadersFromCtx(ctx)
 	loginClient := headers.Get(LoginClientHeader)
 
+	// for backwards compatibility we'll use the new login if the header is set (no matter the other configs)
+	if loginClient != "" {
+		return o.createAuthRequestLoginClient(ctx, req, userID, loginClient)
+	}
+
 	// if the instance requires the v2 login, use it no matter what the application configured
 	if authz.GetFeatures(ctx).LoginV2.Required {
 		return o.createAuthRequestLoginClient(ctx, req, userID, loginClient)
@@ -64,10 +69,7 @@ func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest
 	case domain.LoginVersionUnspecified:
 		fallthrough
 	default:
-		// if undefined, use the v2 login if the header is sent, to retain the current behavior
-		if loginClient != "" {
-			return o.createAuthRequestLoginClient(ctx, req, userID, loginClient)
-		}
+		// since we already checked for a login header, we can fall back to the v1 login
 		return o.createAuthRequest(ctx, req, userID)
 	}
 }