mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 04:07:31 +00:00
feat(oidc): token exchange impersonation (#7516)
* add token exchange feature flag
* allow setting reason and actor to access tokens
* impersonation
* set token types and scopes in response
* upgrade oidc to working draft state
* fix tests
* audience and scope validation
* id token and jwt as input
* return id tokens
* add grant type token exchange to app config
* add integration tests
* check and deny actors in api calls
* fix instance setting tests by triggering projection on write and cleanup
* insert sleep statements again
* solve linting issues
* add translations
* pin oidc v3.15.0
* resolve comments, add event translation
* fix refreshtoken test
* use ValidateAuthReqScopes from oidc
* apparently the linter can't make up its mind
* persist actor thru refresh tokens and check in tests
* remove unneeded triggers
@@ -573,6 +573,17 @@ Errors:
|
||||
NotActive: Потребителската схема не е активна
|
||||
NotInactive: Потребителската схема не е неактивна
|
||||
NotExists: Потребителската схема не съществува
|
||||
TokenExchange:
|
||||
FeatureDisabled: Функцията Token Exchange е деактивирана за вашето копие. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Токенът липсва
|
||||
Invalid: Токенът е невалиден
|
||||
TypeMissing: Липсва тип токен
|
||||
TypeNotAllowed: Типът токен не е разрешен
|
||||
TypeNotSupported: Типът токен не се поддържа
|
||||
NotForAPI: Имитирани токени не са разрешени за API
|
||||
Impersonation:
|
||||
PolicyDisabled: Имитирането е деактивирано в политиката за сигурност на екземпляра
|
||||
|
||||
AggregateTypes:
|
||||
action: Действие
|
||||
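Review bot: The two new messages in this hunk use different words for "instance": FeatureDisabled says "за вашето копие" while Impersonation.PolicyDisabled says "на екземпляра". An operator reading both errors should see that they refer to the same instance-level setting, so use one term in both; "екземпляр" matches the security-policy wording already used here.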
@@ -609,6 +620,7 @@ EventTypes:
|
||||
token:
|
||||
added: Токенът за достъп е създаден
|
||||
removed: Токенът за достъп е премахнат
|
||||
impersonated: Имитиран потребител
|
||||
username:
|
||||
reserved: Потребителското име е запазено
|
||||
released: Потребителското име е освободено
|
||||
|
@@ -553,6 +553,17 @@ Errors:
|
||||
NotActive: Uživatelské schéma není aktivní
|
||||
NotInactive: Uživatelské schéma není neaktivní
|
||||
NotExists: Uživatelské schéma neexistuje
|
||||
TokenExchange:
|
||||
FeatureDisabled: Funkce Token Exchange je pro vaši instanci zakázána. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Token chybí
|
||||
Invalid: Token je neplatný
|
||||
TypeMissing: Chybí typ tokenu
|
||||
TypeNotAllowed: Typ tokenu není povolen
|
||||
TypeNotSupported: Typ tokenu není podporován
|
||||
NotForAPI: Zosobněné tokeny nejsou pro API povoleny
|
||||
Impersonation:
|
||||
PolicyDisabled: Zosobnění je zakázáno v zásadách zabezpečení instance
|
||||
|
||||
AggregateTypes:
|
||||
action: Akce
|
||||
@@ -589,6 +600,7 @@ EventTypes:
|
||||
token:
|
||||
added: Přístupový token vytvořen
|
||||
removed: Přístupový token odstraněn
|
||||
impersonated: Usuario suplantado
|
||||
username:
|
||||
reserved: Uživatelské jméno rezervováno
|
||||
released: Uživatelské jméno uvolněno
|
||||
|
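Review bot: The added line "impersonated: Usuario suplantado" is Spanish, not Czech, and is identical to the string in the Spanish file, so it looks like a copy-paste slip. Replace it with a Czech label in the style of the neighbouring entries, reusing the "zosobnění" wording that this file's Errors hunk uses for impersonation (for example "Uživatel zosobněn").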
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: Benutzerschema nicht aktiv
|
||||
NotInactive: Benutzerschema nicht inaktiv
|
||||
NotExists: Benutzerschema existiert nicht
|
||||
TokenExchange:
|
||||
FeatureDisabled: Die Token-Austauschfunktion ist für Ihre Instanz deaktiviert. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Token fehlt
|
||||
Invalid: Token ist ungültig
|
||||
TypeMissing: Der Tokentyp fehlt
|
||||
TypeNotAllowed: Der Tokentyp ist nicht zulässig
|
||||
TypeNotSupported: Der Tokentyp wird nicht unterstützt
|
||||
NotForAPI: Imitierte Token sind für die API nicht zulässig
|
||||
Impersonation:
|
||||
PolicyDisabled: Der Identitätswechsel ist in der Sicherheitsrichtlinie der Instanz deaktiviert
|
||||
|
||||
AggregateTypes:
|
||||
action: Action
|
||||
@@ -592,6 +603,7 @@ EventTypes:
|
||||
token:
|
||||
added: Access Token ausgestellt
|
||||
removed: Access Token gelöscht
|
||||
impersonated: Benutzer hat sich als Benutzer ausgegeben
|
||||
username:
|
||||
reserved: Benutzername reserviert
|
||||
released: Benutzername freigegeben
|
||||
|
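Review bot: The added "impersonated: Benutzer hat sich als Benutzer ausgegeben" reads as "user posed as user" and is a full sentence, whereas the sibling entries are short participle phrases ("Access Token ausgestellt", "Access Token gelöscht"). It also introduces a third wording for impersonation next to "Imitierte Token" and "Identitätswechsel" in this file's Errors hunk. Since this label is what appears in the event list when someone audits impersonation, use a short form and one consistent term across the file.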
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: User Schema not active
|
||||
NotInactive: User Schema not inactive
|
||||
NotExists: User Schema does not exist
|
||||
TokenExchange:
|
||||
FeatureDisabled: Token Exchange feature is disabled for your instance. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Token is missing
|
||||
Invalid: Token is invalid
|
||||
TypeMissing: Token type is missing
|
||||
TypeNotAllowed: Token type is not allowed
|
||||
TypeNotSupported: Token type is not supported
|
||||
NotForAPI: Impersonated tokens not allowed for API
|
||||
Impersonation:
|
||||
PolicyDisabled: Impersonation is disabled in the instance security policy
|
||||
|
||||
AggregateTypes:
|
||||
action: Action
|
||||
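Review bot: TokenExchange.FeatureDisabled embeds the full documentation URL inside the translated message, and the same URL is repeated in every locale file touched by this commit. If the docs path changes, each locale has to be edited, and translators can accidentally alter the link. Consider keeping only the message text in the translation and appending the link in code, or at least document here that the URL must stay identical across locales.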
@@ -592,6 +603,7 @@ EventTypes:
|
||||
token:
|
||||
added: Access Token created
|
||||
removed: Access Token removed
|
||||
impersonated: User impersonated
|
||||
username:
|
||||
reserved: Username reserved
|
||||
released: Username released
|
||||
|
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: Esquema de usuario no activo
|
||||
NotInactive: Esquema de usuario no inactivo
|
||||
NotExists: El esquema de usuario no existe
|
||||
TokenExchange:
|
||||
FeatureDisabled: La función de intercambio de tokens está deshabilitada para su instancia. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Falta la ficha
|
||||
Invalid: El token no es válido
|
||||
TypeMissing: Falta el tipo de token
|
||||
TypeNotAllowed: El tipo de token no está permitido
|
||||
TypeNotSupported: El tipo de token no es compatible
|
||||
NotForAPI: Tokens suplantados no permitidos para API
|
||||
Impersonation:
|
||||
PolicyDisabled: La suplantación está deshabilitada en la política de seguridad de la instancia.
|
||||
|
||||
AggregateTypes:
|
||||
action: Acción
|
||||
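Review bot: "Missing: Falta la ficha" uses "ficha" while every other new entry in this hunk says "token" ("El token no es válido", "Falta el tipo de token"). A reader will not connect "ficha" with the token the other errors refer to; suggest "Falta el token". Minor: PolicyDisabled is the only new string ending with a period.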
@@ -592,6 +603,7 @@ EventTypes:
|
||||
token:
|
||||
added: Token de acceso creado
|
||||
removed: Token de acceso eliminado
|
||||
impersonated: Usuario suplantado
|
||||
username:
|
||||
reserved: Nombre de usuario reservado
|
||||
released: Nombre de usuario liberado
|
||||
|
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: Schéma utilisateur non actif
|
||||
NotInactive: Le schéma utilisateur n'est pas inactif
|
||||
NotExists: Le schéma utilisateur n'existe pas
|
||||
TokenExchange:
|
||||
FeatureDisabled: La fonctionnalité Token Exchange est désactivée pour votre instance. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Le jeton est manquant
|
||||
Invalid: Le jeton n'est pas valide
|
||||
TypeMissing: Le type de jeton est manquantg
|
||||
TypeNotAllowed: Le type de jeton n'est pas autorisé
|
||||
TypeNotSupported: Le type de jeton n'est pas pris en charge
|
||||
NotForAPI: Les jetons usurpés d'identité ne sont pas autorisés pour l'API
|
||||
Impersonation:
|
||||
PolicyDisabled: L'usurpation d'identité est désactivée dans la politique de sécurité de l'instance
|
||||
|
||||
AggregateTypes:
|
||||
action: Action
|
||||
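Review bot: "TypeMissing: Le type de jeton est manquantg" has a stray trailing "g"; it should read "Le type de jeton est manquant". This string is returned to clients on a failed token exchange, so the typo would be user-visible.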
@@ -591,6 +602,7 @@ EventTypes:
|
||||
failed: La vérification de l'initialisation a échoué
|
||||
token:
|
||||
added: Jeton d'accès créé
|
||||
impersonated: Utilisateur usurpé l'identité
|
||||
username:
|
||||
reserved: Nom d'utilisateur réservé
|
||||
released: Nom d'utilisateur libéré
|
||||
|
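Review bot: The added "impersonated: Utilisateur usurpé l'identité" is not grammatical French and does not follow the pattern of the neighbouring labels ("Jeton d'accès créé", "Nom d'utilisateur réservé"). Suggest a participle phrase such as "Identité de l'utilisateur usurpée", keeping the "usurpation d'identité" wording used in this file's Errors hunk.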
@@ -557,6 +557,17 @@ Errors:
|
||||
NotActive: Schema utente non attivo
|
||||
NotInactive: Schema utente non inattivo
|
||||
NotExists: Lo schema utente non esiste
|
||||
TokenExchange:
|
||||
FeatureDisabled: La funzionalità di scambio token è disabilitata per la tua istanza. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Manca il gettone
|
||||
Invalid: Il token non è valido
|
||||
TypeMissing: Manca il tipo di token
|
||||
TypeNotAllowed: Il tipo di token non è consentito
|
||||
TypeNotSupported: Il tipo di token non è supportato
|
||||
NotForAPI: Token rappresentati non consentiti per l'API
|
||||
Impersonation:
|
||||
PolicyDisabled: La rappresentazione è disabilitata nella policy di sicurezza dell'istanza
|
||||
|
||||
AggregateTypes:
|
||||
action: Azione
|
||||
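Review bot: "Missing: Manca il gettone" translates "token" as "gettone", while the other new entries in this hunk keep "token" ("Il token non è valido", "Manca il tipo di token"); suggest "Manca il token". The impersonation wording is also split: this hunk uses "rappresentati" and "rappresentazione", but the EventTypes hunk for the same file uses "impersonificato". One term for impersonation across errors and events makes the audit trail easier to follow.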
@@ -592,6 +603,7 @@ EventTypes:
|
||||
failed: Controllo dell'inizializzazione fallito
|
||||
token:
|
||||
added: Access Token creato
|
||||
impersonated: Utente impersonificato
|
||||
username:
|
||||
reserved: Nome utente riservato
|
||||
released: Nome utente rilasciato
|
||||
|
@@ -545,6 +545,17 @@ Errors:
|
||||
NotActive: ユーザースキーマがアクティブではありません
|
||||
NotInactive: ユーザースキーマが非アクティブではありません
|
||||
NotExists: ユーザースキーマが存在しません
|
||||
TokenExchange:
|
||||
FeatureDisabled: インスタンスではトークン交換機能が無効になっています。 https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: トークンがありません
|
||||
Invalid: トークンが無効です
|
||||
TypeMissing: トークンの種類がありません
|
||||
TypeNotAllowed: トークンの種類は許可されていません
|
||||
TypeNotSupported: トークンタイプはサポートされていません
|
||||
NotForAPI: 偽装されたトークンは API では許可されません
|
||||
Impersonation:
|
||||
PolicyDisabled: インスタンスのセキュリティ ポリシーで偽装が無効になっています
|
||||
|
||||
AggregateTypes:
|
||||
action: アクション
|
||||
@@ -581,6 +592,7 @@ EventTypes:
|
||||
token:
|
||||
added: アクセストークンの作成
|
||||
removed: アクセストークンの削除
|
||||
impersonated: ユーザーがなりすました
|
||||
username:
|
||||
reserved: ユーザー名の予約
|
||||
released: ユーザー名の解放
|
||||
|
@@ -555,6 +555,17 @@ Errors:
|
||||
NotActive: Корисничката шема не е активна
|
||||
NotInactive: Корисничката шема не е неактивна
|
||||
NotExists: Корисничката шема не постои
|
||||
TokenExchange:
|
||||
FeatureDisabled: Функцијата за размена на токени е оневозможена на вашиот пример. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Недостасува токен
|
||||
Invalid: Токенот е неважечки
|
||||
TypeMissing: Недостасува тип на токен
|
||||
TypeNotAllowed: Типот на токен не е дозволен
|
||||
TypeNotSupported: Типот на токен не е поддржан
|
||||
NotForAPI: Имитирани токени не се дозволени за API
|
||||
Impersonation:
|
||||
PolicyDisabled: Имитирањето е оневозможено во политиката за безбедност на примерот
|
||||
|
||||
AggregateTypes:
|
||||
action: Акција
|
||||
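Review bot: Both FeatureDisabled ("оневозможена на вашиот пример") and PolicyDisabled ("за безбедност на примерот") render "instance" as "пример", which reads as "example". The messages are meant to point an administrator at an instance-level feature flag and security policy, so use the term the rest of this locale file uses for a ZITADEL instance.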
@@ -591,6 +602,7 @@ EventTypes:
|
||||
token:
|
||||
added: Креиран е токен за пристап
|
||||
removed: Токенот за пристап е отстранет
|
||||
impersonated: Корисникот имитиран
|
||||
username:
|
||||
reserved: Корисничкото име е резервирано
|
||||
released: Корисничкото име е ослободено
|
||||
|
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: Gebruikersschema niet actief
|
||||
NotInactive: Gebruikersschema niet inactief
|
||||
NotExists: Gebruikersschema bestaat niet
|
||||
TokenExchange:
|
||||
FeatureDisabled: De Token Exchange-functie is uitgeschakeld voor uw instantie. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Token ontbreekt
|
||||
Invalid: Token is ongeldig
|
||||
TypeMissing: Tokentype ontbreekt
|
||||
TypeNotAllowed: Tokentype is niet toegestaan
|
||||
TypeNotSupported: Tokentype wordt niet ondersteund
|
||||
NotForAPI: Nagebootste tokens zijn niet toegestaan voor API
|
||||
Impersonation:
|
||||
PolicyDisabled: Nabootsing van identiteit is uitgeschakeld in het beveiligingsbeleid van de instantie.
|
||||
|
||||
AggregateTypes:
|
||||
action: Actie
|
||||
@@ -592,6 +603,7 @@ EventTypes:
|
||||
token:
|
||||
added: Toegangstoken aangemaakt
|
||||
removed: Toegangstoken verwijderd
|
||||
impersonated: Gebruiker nagebootst
|
||||
username:
|
||||
reserved: Gebruikersnaam gereserveerd
|
||||
released: Gebruikersnaam vrijgegeven
|
||||
|
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: Schemat użytkownika nieaktywny
|
||||
NotInactive: Schemat użytkownika nie jest nieaktywny
|
||||
NotExists: Schemat użytkownika nie istnieje
|
||||
TokenExchange:
|
||||
FeatureDisabled: Funkcja wymiany tokenów jest wyłączona dla Twojej instancji. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Brak tokena
|
||||
Invalid: Token jest nieprawidłowy
|
||||
TypeMissing: Brak typu tokena
|
||||
TypeNotAllowed: Typ tokenu jest niedozwolony
|
||||
TypeNotSupported: Typ tokena nie jest obsługiwany
|
||||
NotForAPI: Podrabiane tokeny nie są dozwolone w interfejsie API
|
||||
Impersonation:
|
||||
PolicyDisabled: Podszywanie się jest wyłączone w polityce bezpieczeństwa instancji
|
||||
|
||||
AggregateTypes:
|
||||
action: Działanie
|
||||
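Review bot: "NotForAPI: Podrabiane tokeny nie są dozwolone w interfejsie API" says "forged tokens", which changes the meaning: the error is about tokens issued through impersonation, not counterfeit ones. PolicyDisabled in the same hunk already uses "Podszywanie się", so the same root should be used here. Minor: the genitive alternates between "tokenu" (TypeNotAllowed) and "tokena" (Missing, TypeMissing, TypeNotSupported); pick one.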
@@ -592,6 +603,7 @@ EventTypes:
|
||||
token:
|
||||
added: Token dostępu utworzony
|
||||
removed: Token dostępu usunięty
|
||||
impersonated: Użytkownik podszywał się pod użytkownika
|
||||
username:
|
||||
reserved: Nazwa użytkownika zarezerwowana
|
||||
released: Nazwa użytkownika zwolniona
|
||||
|
@@ -550,6 +550,17 @@ Errors:
|
||||
NotActive: Esquema do usuário não ativo
|
||||
NotInactive: Esquema do usuário não inativo
|
||||
NotExists: O esquema do usuário não existe
|
||||
TokenExchange:
|
||||
FeatureDisabled: O recurso Token Exchange está desabilitado para sua instância. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: O token está faltando
|
||||
Invalid: O token é inválido
|
||||
TypeMissing: O tipo de token está faltando
|
||||
TypeNotAllowed: O tipo de token não é permitido
|
||||
TypeNotSupported: O tipo de token não é compatível
|
||||
NotForAPI: Tokens personificados não permitidos para API
|
||||
Impersonation:
|
||||
PolicyDisabled: A representação está desativada na política de segurança da instância
|
||||
|
||||
AggregateTypes:
|
||||
action: Ação
|
||||
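Review bot: Impersonation.PolicyDisabled uses "A representação", while NotForAPI in the same hunk says "Tokens personificados" and the EventTypes hunk for this file says "Usuário personificado". "Representação" does not signal impersonation to a reader of the security policy error; suggest "A personificação está desativada na política de segurança da instância" so all three strings share one term.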
@@ -586,6 +597,7 @@ EventTypes:
|
||||
token:
|
||||
added: Token de acesso criado
|
||||
removed: Token de acesso removido
|
||||
impersonated: Usuário personificado
|
||||
username:
|
||||
reserved: Nome de usuário reservado
|
||||
released: Nome de usuário liberado
|
||||
|
@@ -544,6 +544,17 @@ Errors:
|
||||
NotActive: Пользовательская схема не активна
|
||||
NotInactive: Пользовательская схема не неактивна
|
||||
NotExists: Пользовательская схема не существует
|
||||
TokenExchange:
|
||||
FeatureDisabled: Функция обмена токенами отключена для вашего экземпляра. https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: Токен отсутствует
|
||||
Invalid: Токен недействителен
|
||||
TypeMissing: Тип токена отсутствует
|
||||
TypeNotAllowed: Тип токена недопустим.
|
||||
TypeNotSupported: Тип токена не поддерживается
|
||||
NotForAPI: Олицетворенные токены не разрешены для API.
|
||||
Impersonation:
|
||||
PolicyDisabled: Олицетворение отключено в политике безопасности экземпляра.
|
||||
|
||||
AggregateTypes:
|
||||
action: Действие
|
||||
@@ -580,6 +591,7 @@ EventTypes:
|
||||
token:
|
||||
added: Токен доступа создан
|
||||
removed: Токен доступа удалён
|
||||
impersonated: Пользователь олицетворяет себя
|
||||
username:
|
||||
reserved: Имя пользователя зарезервировано
|
||||
released: Имя пользователя опубликовано
|
||||
|
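Review bot: The added "impersonated: Пользователь олицетворяет себя" reads as "the user impersonates themselves", which is the opposite of what the event records. This label is what an auditor sees for an impersonation event, so it should state that a user was impersonated, in the short style of the neighbouring entries ("Токен доступа создан") and with the "олицетворение" wording used in this file's Errors hunk.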
@@ -556,6 +556,17 @@ Errors:
|
||||
NotActive: 用户架构未激活
|
||||
NotInactive: 用户架构未处于非活动状态
|
||||
NotExists: 用户架构不存在
|
||||
TokenExchange:
|
||||
FeatureDisabled: 您的实例已禁用令牌交换功能。 https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
|
||||
Token:
|
||||
Missing: 令牌丢失
|
||||
Invalid: 令牌无效
|
||||
TypeMissing: 缺少令牌类型
|
||||
TypeNotAllowed: 不允许的令牌类型
|
||||
TypeNotSupported: 不支持令牌类型
|
||||
NotForAPI: API 不允许使用模拟令牌
|
||||
Impersonation:
|
||||
PolicyDisabled: 实例安全策略中禁用模拟
|
||||
|
||||
AggregateTypes:
|
||||
action: 动作
|
||||
@@ -591,6 +602,7 @@ EventTypes:
|
||||
failed: 初始化检查失败
|
||||
token:
|
||||
added: 已创建访问令牌
|
||||
impersonated: 用户冒充
|
||||
username:
|
||||
reserved: 保留用户名
|
||||
released: 用户名已发布
|
||||
|