TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 01:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(oidc): do not return access token for response type id_token (#8777)

Browse Source 
# Which Problems Are Solved

Do not return an access token for implicit flow from v1 login, if the
`response_type` is `id_token`

# How the Problems Are Solved

Do not create the access token event if if the `response_type` is
`id_token`.

# Additional Changes

Token endpoint calls without auth request, such as machine users, token
exchange and refresh token, do not have a `response_type`. For such
calls the `OIDCResponseTypeUnspecified` enum is added at a `-1` offset,
in order not to break existing client configs.

# Additional Context

- https://discord.com/channels/927474939156643850/1294001717725237298
- Fixes https://github.com/zitadel/zitadel/issues/8776
This commit is contained in:
Tim Möhlmann
2024-11-12 17:20:48 +02:00
committed by GitHub
parent 69e9926bcc
commit 778b4041ca
9 changed files with 105 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/domain/application_oidc.go
View File

@@ -79,7 +79,8 @@ const (
type OIDCResponseType int32
const (
OIDCResponseTypeCode OIDCResponseType = iota
OIDCResponseTypeUnspecified OIDCResponseType = iota - 1 // Negative offset not to break existing configs.
OIDCResponseTypeCode
OIDCResponseTypeIDToken
OIDCResponseTypeIDTokenToken
)