feat: dynamic issuer (#3481)

* feat: dynamic issuer * dynamic domain handling * key rotation durations * feat: dynamic issuer * make webauthn displayname dynamic
2025-08-11 21:07:31 +00:00 · 2022-04-25 10:01:17 +02:00
parent 3d5891eb11
commit 75ec73ca4a
41 changed files with 403 additions and 348 deletions
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -42,7 +42,7 @@ type Commands struct {
 	domainVerificationValidator func(domain, token, verifier string, checkType http.CheckType) error

 	multifactors       domain.MultifactorConfigs
-	webauthn           *webauthn_helper.WebAuthN
+	webauthnConfig     *webauthn_helper.Config
 	keySize            int
 	keyAlgorithm       crypto.EncryptionAlgorithm
 	privateKeyLifetime time.Duration
@@ -60,7 +60,7 @@ func StartCommands(es *eventstore.Eventstore,
 	zitadelRoles []authz.RoleMapping,
 	staticStore static.Storage,
 	authZRepo authz_repo.Repository,
-	webAuthN webauthn_helper.Config,
+	webAuthN *webauthn_helper.Config,
 	idpConfigEncryption,
 	otpEncryption,
 	smtpEncryption,
@@ -84,6 +84,7 @@ func StartCommands(es *eventstore.Eventstore,
 		userEncryption:        userEncryption,
 		domainVerificationAlg: domainVerificationEncryption,
 		keyAlgorithm:          oidcEncryption,
+		webauthnConfig:        webAuthN,
 	}

 	instance_repo.RegisterEventMappers(repo.eventstore)
@@ -107,11 +108,6 @@ func StartCommands(es *eventstore.Eventstore,

 	repo.domainVerificationGenerator = crypto.NewEncryptionGenerator(defaults.DomainVerification.VerificationGenerator, repo.domainVerificationAlg)
 	repo.domainVerificationValidator = http.ValidateDomain
-	web, err := webauthn_helper.StartServer(webAuthN)
-	if err != nil {
-		return nil, err
-	}
-	repo.webauthn = web

 	repo.tokenVerifier = authZRepo
 	return repo, nil