fix(oidc): upgrade zitadel/oidc to allow scope without openid (#8109)

# Which Problems Are Solved Drop the requirement of the `openid` scope in all auth and token request types. # How the Problems Are Solved This change upgrades the oidc package to include https://github.com/zitadel/oidc/pull/613. # Additional Changes - Fix a typo in a go doc string - upgrade otel modules to match the version from oidc. # Additional Context - https://github.com/zitadel/zitadel/pull/7822 started doing scope validation for machine user authentication on the token endpoint. - https://github.com/zitadel/zitadel/discussions/8068 reports breakage of machine authentication without `openid` scope. - Merge after https://github.com/zitadel/oidc/pull/613 is released.
2025-08-11 21:17:32 +00:00 · 2024-06-13 11:32:27 +02:00
parent f6a50db96c
commit 81cc7c62cb
3 changed files with 90 additions and 92 deletions
--- a/internal/api/oidc/token_exchange.go
+++ b/internal/api/oidc/token_exchange.go
@@ -176,7 +176,7 @@ func (s *Server) jwtProfileUserCheck(ctx context.Context, resourceOwner *string,
 }

 func validateTokenExchangeScopes(client *Client, requestedScopes, subjectScopes, actorScopes []string) ([]string, error) {
-	// Scope always has 1 empty string is the space delimited array was an empty string.
+	// Scope always has 1 empty string if the space delimited array was an empty string.
 	scopes := slices.DeleteFunc(requestedScopes, func(s string) bool {
 		return s == ""
 	})