TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 05:17:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(api): allow Device Authorization Grant using custom login UI (#9387)

Browse Source 
# Which Problems Are Solved

The OAuth2 Device Authorization Grant could not yet been handled through
the new login UI, resp. using the session API.
This PR adds the ability for the login UI to get the required
information to display the user and handle their decision (approve with
authorization or deny) using the OIDC Service API.

# How the Problems Are Solved

- Added a `GetDeviceAuthorizationRequest` endpoint, which allows getting
the `id`, `client_id`, `scope`, `app_name` and `project_name` of the
device authorization request
- Added a `AuthorizeOrDenyDeviceAuthorization` endpoint, which allows to
approve/authorize with the session information or deny the request. The
identification of the request is done by the `device_authorization_id` /
`id` returned in the previous request.
- To prevent leaking the `device_code` to the UI, but still having an
easy reference, it's encrypted and returned as `id`, resp. decrypted
when used.
- Fixed returned error types for device token responses on token
endpoint:
- Explicitly return `access_denied` (without internal error) when user
denied the request
  - Default to `invalid_grant` instead of `access_denied`
- Explicitly check on initial state when approving the reqeust
- Properly handle done case (also relates to initial check) 
- Documented the flow and handling in custom UIs (according to OIDC /
SAML)

# Additional Changes

- fixed some typos and punctuation in the corresponding OIDC / SAML
guides.
- added some missing translations for auth and saml request

# Additional Context

- closes #6239

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
This commit is contained in:
Livio Spring
2025-02-25 07:33:13 +01:00
committed by GitHub
parent f2e82d57ac
commit 911200aa9b
39 changed files with 1210 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/static/i18n/ko.yaml
View File

@@ -544,6 +544,7 @@ Errors:
AlreadyExists: 인증 요청이 이미 존재합니다
NotExisting: 인증 요청이 존재하지 않습니다
WrongLoginClient: 다른 로그인 클라이언트에 의해 생성된 인증 요청
AlreadyHandled: 인증 요청이 이미 처리되었습니다
OIDCSession:
RefreshTokenInvalid: 새로 고침 토큰이 유효하지 않습니다
Token:
@@ -554,8 +555,12 @@ Errors:
AlreadyExists: SAMLRequest가 이미 존재합니다
NotExisting: SAMLRequest가 존재하지 않습니다
WrongLoginClient: 다른 로그인 클라이언트가 생성한 SAMLRequest
AlreadyHandled: SAML 요청이 이미 처리되었습니다
SAMLSession:
InvalidClient: 이 클라이언트에 대해 SAMLResponse가 발행되지 않았습니다.
DeviceAuth:
NotFound: 장치 인증 요청이 존재하지 않습니다
AlreadyHandled: 장치 인증 요청이 이미 처리되었습니다
Feature:
NotExisting: 기능이 존재하지 않습니다
TypeNotSupported: 기능 유형이 지원되지 않습니다