mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-13 04:57:33 +00:00
fix(oidc): upgrade zitadel/oidc to allow scope without openid (#8109)
# Which Problems Are Solved
Drop the requirement of the `openid` scope in all auth and token request
types.
# How the Problems Are Solved
This change upgrades the oidc package to include
https://github.com/zitadel/oidc/pull/613.
# Additional Changes
- Fix a typo in a go doc string
- upgrade otel modules to match the version from oidc.
# Additional Context
- https://github.com/zitadel/zitadel/pull/7822 started doing scope
validation for machine user authentication on the token endpoint.
- https://github.com/zitadel/zitadel/discussions/8068 reports breakage
of machine authentication without `openid` scope.
- Merge after https://github.com/zitadel/oidc/pull/613 is released.
(cherry picked from commit 81cc7c62cb)
This commit is contained in:
Tim Möhlmann
committed by
Livio Spring
Livio Spring
parent
2450736a34
commit
869ebceac6
@@ -176,7 +176,7 @@ func (s *Server) jwtProfileUserCheck(ctx context.Context, resourceOwner *string,
|
||||
}
|
||||
|
||||
func validateTokenExchangeScopes(client *Client, requestedScopes, subjectScopes, actorScopes []string) ([]string, error) {
|
||||
// Scope always has 1 empty string is the space delimited array was an empty string.
|
||||
// Scope always has 1 empty string if the space delimited array was an empty string.
|
||||
scopes := slices.DeleteFunc(requestedScopes, func(s string) bool {
|
||||
return s == ""
|
||||
})
|
||||
|
||||
Reference in New Issue
Block a user