TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-10 07:22:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

userinfo from events for v2 tokens

Browse Source
This commit is contained in:
Tim Möhlmann
2023-11-02 17:27:30 +02:00
parent 85e22c1521
commit 9f7f715259
7 changed files with 485 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/api/oidc/client.go
View File

@@ -27,6 +27,7 @@ import (
)
const (
// TODO: remove declarations: (moved to domain package)
ScopeProjectRolePrefix = "urn:zitadel:iam:org:project:role:"
ScopeProjectsRoles = "urn:zitadel:iam:org:projects:roles"
ClaimProjectRoles = "urn:zitadel:iam:org:project:roles"
@@ -179,21 +180,6 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
if strings.HasPrefix(tokenID, command.IDPrefixV2) {
token, err := o.query.ActiveAccessTokenByToken(ctx, tokenID)
if err != nil {
return err
}
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID, false)
if err != nil {
return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found")
}
return o.introspect(ctx, introspection,
tokenID, token.UserID, token.ClientID, clientID, projectID,
token.Audience, token.Scope,
token.AccessTokenCreation, token.AccessTokenExpiration)
}
token, err := o.repo.TokenByIDs(ctx, subject, tokenID)
if err != nil {
return errors.ThrowPermissionDenied(nil, "OIDC-Dsfb2", "token is not valid or has expired")