fix(OIDC): introspection (#6298)

* fix(OIDC): introspect for PAT

* fix(OIDC): introspect for PAT

* fix(OIDC): introspect

* stop adding the projectID to the token audience
Livio Spring 2023-07-31 15:55:26 +02:00 committed by GitHub
parent b8dbfc71b6
commit 782f7ad647
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -189,7 +189,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
} }
return o.introspect(ctx, introspection, return o.introspect(ctx, introspection,
tokenID, token.UserID, token.ClientID, projectID, tokenID, token.UserID, token.ClientID, clientID, projectID,
token.Audience, token.Scope, token.Audience, token.Scope,
token.AccessTokenCreation, token.AccessTokenExpiration) token.AccessTokenCreation, token.AccessTokenExpiration)
} }
@ -209,7 +209,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
} }
} }
return o.introspect(ctx, introspection, return o.introspect(ctx, introspection,
token.ID, token.UserID, token.ApplicationID, projectID, token.ID, token.UserID, token.ApplicationID, clientID, projectID,
token.Audience, token.Scopes, token.Audience, token.Scopes,
token.CreationDate, token.Expiration) token.CreationDate, token.Expiration)
} }
@ -272,7 +272,7 @@ func (o *OPStorage) isOriginAllowed(ctx context.Context, clientID, origin string
func (o *OPStorage) introspect( func (o *OPStorage) introspect(
ctx context.Context, ctx context.Context,
introspection *oidc.IntrospectionResponse, introspection *oidc.IntrospectionResponse,
tokenID, subject, clientID, projectID string, tokenID, subject, tokenClientID, introspectionClientID, introspectionProjectID string,
audience, scope []string, audience, scope []string,
tokenCreation, tokenExpiration time.Time, tokenCreation, tokenExpiration time.Time,
) (err error) { ) (err error) {
@ -280,15 +280,15 @@ func (o *OPStorage) introspect(
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()
for _, aud := range audience { for _, aud := range audience {
if aud == clientID || aud == projectID { if aud == introspectionClientID || aud == introspectionProjectID {
userInfo := new(oidc.UserInfo) userInfo := new(oidc.UserInfo)
err = o.setUserinfo(ctx, userInfo, subject, clientID, scope, []string{projectID}) // always err = o.setUserinfo(ctx, userInfo, subject, introspectionClientID, scope, []string{introspectionProjectID})
if err != nil { if err != nil {
return err return err
} }
introspection.SetUserInfo(userInfo) introspection.SetUserInfo(userInfo)
introspection.Scope = scope introspection.Scope = scope
introspection.ClientID = clientID introspection.ClientID = tokenClientID
introspection.TokenType = oidc.BearerToken introspection.TokenType = oidc.BearerToken
introspection.Expiration = oidc.FromTime(tokenExpiration) introspection.Expiration = oidc.FromTime(tokenExpiration)
introspection.IssuedAt = oidc.FromTime(tokenCreation) introspection.IssuedAt = oidc.FromTime(tokenCreation)