feat(oidc): token exchange impersonation (#7516)

* add token exchange feature flag * allow setting reason and actor to access tokens * impersonation * set token types and scopes in response * upgrade oidc to working draft state * fix tests * audience and scope validation * id toke and jwt as input * return id tokens * add grant type token exchange to app config * add integration tests * check and deny actors in api calls * fix instance setting tests by triggering projection on write and cleanup * insert sleep statements again * solve linting issues * add translations * pin oidc v3.15.0 * resolve comments, add event translation * fix refreshtoken test * use ValidateAuthReqScopes from oidc * apparently the linter can't make up its mind * persist actor thru refresh tokens and check in tests * remove unneeded triggers
2025-08-11 21:17:32 +00:00 · 2024-03-20 12:18:46 +02:00
parent b338171585
commit 6398349c24
104 changed files with 2149 additions and 248 deletions
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -7,11 +7,11 @@ import (
 	"strings"
 )

-const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schema"
+const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchange"

-var _KeyIndex = [...]uint8{0, 11, 28, 61, 81, 92}
+var _KeyIndex = [...]uint8{0, 11, 28, 61, 81, 92, 106}

-const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schema"
+const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchange"

 func (i Key) String() string {
 	if i < 0 || i >= Key(len(_KeyIndex)-1) {
@@ -29,21 +29,24 @@ func _KeyNoOp() {
 	_ = x[KeyTriggerIntrospectionProjections-(2)]
 	_ = x[KeyLegacyIntrospection-(3)]
 	_ = x[KeyUserSchema-(4)]
+	_ = x[KeyTokenExchange-(5)]
 }

-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange}

 var _KeyNameToValueMap = map[string]Key{
-	_KeyName[0:11]:       KeyUnspecified,
-	_KeyLowerName[0:11]:  KeyUnspecified,
-	_KeyName[11:28]:      KeyLoginDefaultOrg,
-	_KeyLowerName[11:28]: KeyLoginDefaultOrg,
-	_KeyName[28:61]:      KeyTriggerIntrospectionProjections,
-	_KeyLowerName[28:61]: KeyTriggerIntrospectionProjections,
-	_KeyName[61:81]:      KeyLegacyIntrospection,
-	_KeyLowerName[61:81]: KeyLegacyIntrospection,
-	_KeyName[81:92]:      KeyUserSchema,
-	_KeyLowerName[81:92]: KeyUserSchema,
+	_KeyName[0:11]:        KeyUnspecified,
+	_KeyLowerName[0:11]:   KeyUnspecified,
+	_KeyName[11:28]:       KeyLoginDefaultOrg,
+	_KeyLowerName[11:28]:  KeyLoginDefaultOrg,
+	_KeyName[28:61]:       KeyTriggerIntrospectionProjections,
+	_KeyLowerName[28:61]:  KeyTriggerIntrospectionProjections,
+	_KeyName[61:81]:       KeyLegacyIntrospection,
+	_KeyLowerName[61:81]:  KeyLegacyIntrospection,
+	_KeyName[81:92]:       KeyUserSchema,
+	_KeyLowerName[81:92]:  KeyUserSchema,
+	_KeyName[92:106]:      KeyTokenExchange,
+	_KeyLowerName[92:106]: KeyTokenExchange,
 }

 var _KeyNames = []string{
@@ -52,6 +55,7 @@ var _KeyNames = []string{
 	_KeyName[28:61],
 	_KeyName[61:81],
 	_KeyName[81:92],
+	_KeyName[92:106],
 }

 // KeyString retrieves an enum value from the enum constants string name.