fix: compliance problems (#607)

* fix: compliance problems

* fix: at least one redirect uri

* fix: at least one redirect uri

* Update de.yaml

* Update en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi 2020-08-19 09:56:05 +02:00 committed by GitHub
parent 4e74050039
commit be923343b0
6 changed files with 11 additions and 5 deletions


@ -68,6 +68,6 @@ export ZITADEL_DEFAULT_DOMAIN=zitadel.ch
export TRACING_TYPE=google
#Setup
export ZITADEL_CONSOLE_RESPONSE_TYPE=ID_TOKEN TOKEN
export ZITADEL_CONSOLE_GRANT_TYPE=IMPLICIT
export ZITADEL_CONSOLE_RESPONSE_TYPE='ID_TOKEN TOKEN'
export ZITADEL_CONSOLE_GRANT_TYPE='IMPLICIT'
export ZITADEL_CONSOLE_DEV_MODE=true


@ -60,9 +60,9 @@ SetUp:
PostLogoutRedirectUris:
- '$ZITADEL_CONSOLE/signedout'
ResponseTypes:
- '$ZITADEL_CONSOLE_RESPONSE_TYPE'
- $ZITADEL_CONSOLE_RESPONSE_TYPE
GrantTypes:
- '$ZITADEL_CONSOLE_GRANT_TYPE'
- $ZITADEL_CONSOLE_GRANT_TYPE
ApplicationType: 'USER_AGENT'
AuthMethodType: 'NONE'
DevMode: $ZITADEL_CONSOLE_DEV_MODE
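Review bot: The unquoted `$ZITADEL_CONSOLE_RESPONSE_TYPE` and `$ZITADEL_CONSOLE_GRANT_TYPE` list items under ResponseTypes and GrantTypes depend on the config loader expanding the variable after YAML parsing, and the env script in this commit quotes the response type as `'ID_TOKEN TOKEN'`; whether that single value becomes one list entry or two then rests entirely on the loader's substitution and splitting rules, which are not visible here. A short comment on the ResponseTypes key stating the expected expansion would prevent a later reader from re-adding the quotes, e.g. `# expanded by the config loader after parsing; confirm how a space-separated value is split` (wording to be confirmed against the loader). The SetUp block continues outside the hunk.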


@ -132,6 +132,10 @@ func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTy
func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
compliance := &Compliance{NoneCompliant: false}
if redirectUris == nil || len(redirectUris) == 0 {
compliance.NoneCompliant = true
compliance.Problems = append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)
}
if containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit) && containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
CheckRedirectUrisImplicitAndCode(compliance, appType, redirectUris)
} else {
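Review bot: The added guard `if redirectUris == nil || len(redirectUris) == 0 {` can be shortened to `if len(redirectUris) == 0 {`, since len of a nil slice is 0 in Go and the nil test adds nothing. Prepending with `append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)` on a Compliance created two lines earlier, whose Problems is still empty, reads as if ordering mattered; `compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.NoRedirectUris")` states the intent more plainly unless the problem is meant to stay first once the checks below add more. The check only rejects an empty slice, so a slice holding a blank string still passes here; whether blank entries are filtered before this call is not visible in the hunk. GetOIDCV1Compliance's body continues past the end of the hunk.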


@ -201,7 +201,7 @@ func (a *ApplicationView) SetData(event *models.Event) error {
}
func (a *ApplicationView) setCompliance() {
compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCPostLogoutRedirectUris)
compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCRedirectUris)
a.NoneCompliant = compliance.NoneCompliant
a.ComplianceProblems = compliance.Problems
}
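Review bot: With the argument switched to a.OIDCRedirectUris, nothing in setCompliance looks at a.OIDCPostLogoutRedirectUris any more; if GetOIDCCompliance was the only place those URIs were examined on the read side, post-logout redirect targets are now unchecked here, so it is worth confirming they are validated where the application is written. The single long call would also read more easily with the converted arguments bound to locals first, e.g. `grantTypes := OIDCGrantTypesToModel(a.OIDCGrantTypes)` and `responseTypes := OIDCResponseTypesToModel(a.OIDCResponseTypes)` before calling model.GetOIDCCompliance. The other methods of ApplicationView are outside the hunk.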


@ -298,6 +298,7 @@ Application:
OIDC:
V1:
NotCompliant: Deine Konfiguration ist nicht konform und weicht vom OIDC 1.0 Standard ab.
NoRedirectUris: Es muss mindestens eine Redirect URI erfasst sein.
NotAllCombinationsAreAllowed: Die Konfiguration ist konform, jedoch werden nicht alle möglichen Kombinationen erlaubt.
Code:
RedirectUris:


@ -298,6 +298,7 @@ Application:
OIDC:
V1:
NotCompliant: Your configuration is not compliant and differs from OIDC 1.0 standard.
NoRedirectUris: At least one redirect uri must be registered.
NotAllCombinationsAreAllowed: Configuration is compliant, but not all possible combinations are allowed.
Code:
RedirectUris: