fix: compliance problems (#607)

* fix: compliance problems * fix: at least one redirect uri * fix: at least one redirect uri * Update de.yaml * Update en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-05-27 18:08:21 +00:00 · 2020-08-19 09:56:05 +02:00 · 2020-08-19 09:56:05 +02:00 · be923343b0
commit be923343b0
parent 4e74050039
6 changed files with 11 additions and 5 deletions
--- a/cmd/zitadel/caos_local.sh
+++ b/cmd/zitadel/caos_local.sh
@ -68,6 +68,6 @@ export ZITADEL_DEFAULT_DOMAIN=zitadel.ch
 export TRACING_TYPE=google

 #Setup
-export ZITADEL_CONSOLE_RESPONSE_TYPE=ID_TOKEN TOKEN
-export ZITADEL_CONSOLE_GRANT_TYPE=IMPLICIT
+export ZITADEL_CONSOLE_RESPONSE_TYPE='ID_TOKEN TOKEN'
+export ZITADEL_CONSOLE_GRANT_TYPE='IMPLICIT'
 export ZITADEL_CONSOLE_DEV_MODE=true
--- a/cmd/zitadel/setup.yaml
+++ b/cmd/zitadel/setup.yaml
@ -60,9 +60,9 @@ SetUp:
              PostLogoutRedirectUris:
                - '$ZITADEL_CONSOLE/signedout'
              ResponseTypes:
-                - '$ZITADEL_CONSOLE_RESPONSE_TYPE'
+                - $ZITADEL_CONSOLE_RESPONSE_TYPE
              GrantTypes:
-                - '$ZITADEL_CONSOLE_GRANT_TYPE'
+                - $ZITADEL_CONSOLE_GRANT_TYPE
              ApplicationType: 'USER_AGENT'
              AuthMethodType: 'NONE'
              DevMode: $ZITADEL_CONSOLE_DEV_MODE
--- a/internal/project/model/oidc_config.go
+++ b/internal/project/model/oidc_config.go
@ -132,6 +132,10 @@ func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTy

 func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
 	compliance := &Compliance{NoneCompliant: false}
+	if redirectUris == nil || len(redirectUris) == 0 {
+		compliance.NoneCompliant = true
+		compliance.Problems = append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)
+	}
 	if containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit) && containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
 		CheckRedirectUrisImplicitAndCode(compliance, appType, redirectUris)
 	} else {
--- a/internal/project/repository/view/model/application.go
+++ b/internal/project/repository/view/model/application.go
@ -201,7 +201,7 @@ func (a *ApplicationView) SetData(event *models.Event) error {
 }

 func (a *ApplicationView) setCompliance() {
-	compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCPostLogoutRedirectUris)
+	compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCRedirectUris)
 	a.NoneCompliant = compliance.NoneCompliant
 	a.ComplianceProblems = compliance.Problems
 }
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
@ -298,6 +298,7 @@ Application:
  OIDC:
    V1:
      NotCompliant: Deine Konfiguration ist nicht konform und weicht vom OIDC 1.0 Standard ab.
+      NoRedirectUris: Es muss mindestens eine Redirect URI erfasst sein.
      NotAllCombinationsAreAllowed: Die Konfiguration ist konform, jedoch werden nicht alle möglichen Kombinationen erlaubt.
      Code:
        RedirectUris:
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@ -298,6 +298,7 @@ Application:
  OIDC:
    V1:
      NotCompliant: Your configuration is not compliant and differs from OIDC 1.0 standard.
+      NoRedirectUris: At least one redirect uri must be registered.
      NotAllCombinationsAreAllowed: Configuration is compliant, but not all possible combinations are allowed.
      Code:
        RedirectUris: