feat(API): support V2 token and session token usage (#6180)

This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
2025-08-11 20:57:31 +00:00 · 2023-07-14 13:16:16 +02:00
parent 4589ddad4a
commit 80961125a7
38 changed files with 1309 additions and 181 deletions
--- a/internal/command/oidc_session_model.go
+++ b/internal/command/oidc_session_model.go
@@ -20,6 +20,7 @@ type OIDCSessionWriteModel struct {
 	AuthMethods                []domain.UserAuthMethodType
 	AuthTime                   time.Time
 	State                      domain.OIDCSessionState
+	AccessTokenCreation        time.Time
 	AccessTokenExpiration      time.Time
 	RefreshTokenID             string
 	RefreshTokenExpiration     time.Time
@@ -82,6 +83,11 @@ func (wm *OIDCSessionWriteModel) reduceAdded(e *oidcsession.AddedEvent) {
 	wm.AuthMethods = e.AuthMethods
 	wm.AuthTime = e.AuthTime
 	wm.State = domain.OIDCSessionStateActive
+	// the write model might be initialized without resource owner,
+	// so update the aggregate
+	if wm.ResourceOwner == "" {
+		wm.aggregate = &oidcsession.NewAggregate(wm.AggregateID, e.Aggregate().ResourceOwner).Aggregate
+	}
 }

 func (wm *OIDCSessionWriteModel) reduceAccessTokenAdded(e *oidcsession.AccessTokenAddedEvent) {