fix: add and verified projectID in audience (#957)

* feat: new scope for project id in aud * feat: add doc * feat: projectid endpoint * feat: remove handle Proejct id * fix: remove go.mod replace * fix: add project id to aud * fix: update oidc version * fix: change project id scope * update projectID scope to current usage * typo: ZITADEL uppercase Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-11 21:37:32 +00:00 · 2020-11-16 10:54:48 +01:00
parent 42effd8702
commit 78c0cf2f57
8 changed files with 40 additions and 3 deletions
--- a/internal/auth_request/model/auth_request.go
+++ b/internal/auth_request/model/auth_request.go
@@ -137,3 +137,25 @@ func (a *AuthRequest) GetScopeOrgPrimaryDomain() string {
 	}
 	return ""
 }
+
+func (a *AuthRequest) GetScopeProjectIDsForAud() []string {
+	projectIDs := make([]string, 0)
+	switch request := a.Request.(type) {
+	case *AuthRequestOIDC:
+		for _, scope := range request.Scopes {
+			if strings.HasPrefix(scope, ProjectIDScope) && strings.HasSuffix(scope, AudSuffix) {
+				projectIDs = append(projectIDs, strings.TrimSuffix(strings.TrimPrefix(scope, ProjectIDScope), AudSuffix))
+			}
+		}
+	}
+	return projectIDs
+}
+
+func (a *AuthRequest) AppendAudIfNotExisting(aud string) {
+	for _, a := range a.Audience {
+		if a == aud {
+			return
+		}
+	}
+	a.Audience = append(a.Audience, aud)
+}
--- a/internal/auth_request/model/request.go
+++ b/internal/auth_request/model/request.go
@@ -19,7 +19,9 @@ const (
 )

 const (
-	OrgDomainPrimaryScope = "urn:zitadel:org:domain:primary:"
+	OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
+	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
+	AudSuffix             = ":aud"
 )

 type AuthRequestOIDC struct {