feat(actions): Add refresh token to post authentication action context (#9493)

# Which Problems Are Solved

- Refresh Tokens issued by third party authentication providers are lost

# How the Problems Are Solved

- Allows the existing post authentication action to capture the refresh
token

# Additional Changes

- Docs updated to reflect the new property

# Additional Context

- Partially addresses #7851 by allowing the refresh token to be
captured.

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Faey 2025-03-20 10:00:36 +01:00 committed by GitHub
parent 352fa6aa6f
commit 833e654a07
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 1 deletions


@ -18,6 +18,8 @@ The trigger is represented by the following Ids in the API: `TRIGGER_TYPE_POST_A
The first parameter contains the following fields The first parameter contains the following fields
- `accessToken` *string* - `accessToken` *string*
The access token returned by the identity provider. This can be an opaque token or a JWT The access token returned by the identity provider. This can be an opaque token or a JWT
- `refreshToken` *string*
The refresh token returned by the identity provider if there is one. This is most likely to be an opaque token.
- `claimsJSON()` [*idTokenClaims*](../openidoauth/claims) - `claimsJSON()` [*idTokenClaims*](../openidoauth/claims)
Returns all claims of the id token Returns all claims of the id token
- `getClaim(key)` *Any* - `getClaim(key)` *Any*


@ -430,7 +430,7 @@ func (l *Login) runPostCreationActions(
} }
func tokenCtxFields(tokens *oidc.Tokens[*oidc.IDTokenClaims]) []actions.FieldOption { func tokenCtxFields(tokens *oidc.Tokens[*oidc.IDTokenClaims]) []actions.FieldOption {
var accessToken, idToken string var accessToken, idToken, refreshToken string
getClaim := func(claim string) interface{} { getClaim := func(claim string) interface{} {
return nil return nil
} }
@ -443,9 +443,11 @@ func tokenCtxFields(tokens *oidc.Tokens[*oidc.IDTokenClaims]) []actions.FieldOpt
actions.SetFields("idToken", idToken), actions.SetFields("idToken", idToken),
actions.SetFields("getClaim", getClaim), actions.SetFields("getClaim", getClaim),
actions.SetFields("claimsJSON", claimsJSON), actions.SetFields("claimsJSON", claimsJSON),
actions.SetFields("refreshToken", refreshToken),
} }
} }
accessToken = tokens.AccessToken accessToken = tokens.AccessToken
refreshToken = tokens.RefreshToken
idToken = tokens.IDToken idToken = tokens.IDToken
if tokens.IDTokenClaims != nil { if tokens.IDTokenClaims != nil {
getClaim = func(claim string) interface{} { getClaim = func(claim string) interface{} {
@ -464,6 +466,7 @@ func tokenCtxFields(tokens *oidc.Tokens[*oidc.IDTokenClaims]) []actions.FieldOpt
actions.SetFields("idToken", idToken), actions.SetFields("idToken", idToken),
actions.SetFields("getClaim", getClaim), actions.SetFields("getClaim", getClaim),
actions.SetFields("claimsJSON", claimsJSON), actions.SetFields("claimsJSON", claimsJSON),
actions.SetFields("refreshToken", refreshToken),
} }
} }
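Review bot: The two added `actions.SetFields("refreshToken", refreshToken)` lines pass the identity provider's refresh token into the action context with no comment marking it as a long-lived credential. I would add above `refreshToken = tokens.RefreshToken`: `// refreshToken is a long-lived IdP credential exposed to action scripts; it may be empty and must never be logged`. The field list is also written out twice in the visible returns, which is why this change needed two identical additions; building the slice once and returning it from both paths would keep the two from drifting apart. Parts of tokenCtxFields between the hunks are not shown, so the condition guarding the first return is inferred rather than seen.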