feat(oidc): token exchange impersonation (#7516)

* add token exchange feature flag * allow setting reason and actor to access tokens * impersonation * set token types and scopes in response * upgrade oidc to working draft state * fix tests * audience and scope validation * id toke and jwt as input * return id tokens * add grant type token exchange to app config * add integration tests * check and deny actors in api calls * fix instance setting tests by triggering projection on write and cleanup * insert sleep statements again * solve linting issues * add translations * pin oidc v3.15.0 * resolve comments, add event translation * fix refreshtoken test * use ValidateAuthReqScopes from oidc * apparently the linter can't make up its mind * persist actor thru refresh tokens and check in tests * remove unneeded triggers
2025-08-14 05:17:34 +00:00 · 2024-03-20 12:18:46 +02:00
parent b338171585
commit 6398349c24
104 changed files with 2149 additions and 248 deletions
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@@ -2270,7 +2270,8 @@
        "0": "Код за оторизация",
        "1": "имплицитно",
        "2": "Опресняване на токена",
-        "3": "Код на устройството"
+        "3": "Код на устройството",
+        "4": "Размяна на токени"
      },
      "AUTHMETHOD": {
        "0": "Основен",
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@@ -2289,7 +2289,8 @@
        "0": "Autorizační kód",
        "1": "Implicitní",
        "2": "Obnovovací Token",
-        "3": "Kód zařízení"
+        "3": "Kód zařízení",
+        "4": "Výměna tokenů"
      },
      "AUTHMETHOD": {
        "0": "Základní",
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -2279,7 +2279,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -2298,7 +2298,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -2277,7 +2277,8 @@
        "0": "Código de autorización",
        "1": "Implícito",
        "2": "Token de refresco",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Intercambio de tokens"
      },
      "AUTHMETHOD": {
        "0": "Básico",
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -2280,7 +2280,8 @@
        "0": "Code d'autorisation",
        "1": "Implicite",
        "2": "Rafraîchir le jeton",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Échange de jetons"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -2280,7 +2280,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -2271,7 +2271,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@@ -2277,7 +2277,8 @@
        "0": "Код на Овластување",
        "1": "Implicit",
        "2": "Токен за Освежување",
-        "3": "Код од Уред"
+        "3": "Код од Уред",
+        "4": "Размена на токени"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@@ -2298,7 +2298,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -2280,7 +2280,8 @@
        "0": "Kod autoryzacyjny",
        "1": "Implicite",
        "2": "Token odświeżający",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Wymiana tokenów"
      },
      "AUTHMETHOD": {
        "0": "Podstawowy",
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -2275,7 +2275,8 @@
        "0": "Código de Autorização",
        "1": "Implícito",
        "2": "Token de Atualização",
-        "3": "Código do Dispositivo"
+        "3": "Código do Dispositivo",
+        "4": "Troca de tokens"
      },
      "AUTHMETHOD": {
        "0": "Básico",
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@@ -2393,7 +2393,8 @@
        "0": "Код авторизации",
        "1": "Скрытый",
        "2": "Обновить токен",
-        "3": "Код устройства"
+        "3": "Код устройства",
+        "4": "Обмен токенов"
      },
      "AUTHMETHOD": {
        "0": "Basic",
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -2279,7 +2279,8 @@
        "0": "Authorization Code",
        "1": "Implicit",
        "2": "Refresh Token",
-        "3": "Device Code"
+        "3": "Device Code",
+        "4": "Token Exchange"
      },
      "AUTHMETHOD": {
        "0": "Basic",