fix: add and verified projectID in audience (#957)

* feat: new scope for project id in aud * feat: add doc * feat: projectid endpoint * feat: remove handle Proejct id * fix: remove go.mod replace * fix: add project id to aud * fix: update oidc version * fix: change project id scope * update projectID scope to current usage * typo: ZITADEL uppercase Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 11:57:37 +00:00 · 2020-11-16 10:54:48 +01:00
parent 42effd8702
commit 78c0cf2f57
8 changed files with 40 additions and 3 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -109,6 +109,9 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod
 		return nil, err
 	}
 	request.Audience = appIDs
+	projectIDAud := request.GetScopeProjectIDsForAud()
+	request.Audience = append(request.Audience, projectIDAud...)
+	request.AppendAudIfNotExisting(app.ProjectID)
 	if request.LoginHint != "" {
 		err = repo.checkLoginName(ctx, request, request.LoginHint)
 		logging.LogWithFields("EVENT-aG311", "login name", request.LoginHint, "id", request.ID, "applicationID", request.ApplicationID).OnError(err).Debug("login hint invalid")