feat(oidc): id token for device authorization (#7088)

* cleanup todo * pass id token details to oidc * feat(oidc): id token for device authorization This changes updates to the newest oidc version, so the Device Authorization grant can return ID tokens when the scope `openid` is set. There is also some refactoring done, so that the eventstore can be queried directly when polling for state. The projection is cleaned up to a minimum with only data required for the login UI. * try to be explicit wit hthe timezone to fix github * pin oidc v3.8.0 * remove TBD entry
2025-08-11 21:47:32 +00:00 · 2023-12-20 14:21:08 +02:00
parent e15f6229cd
commit e22689c125
25 changed files with 629 additions and 621 deletions
--- a/internal/domain/request.go
+++ b/internal/domain/request.go
@@ -59,7 +59,7 @@ func (a *AuthRequestSAML) IsValid() bool {
 }

 type AuthRequestDevice struct {
-	ID         string
+	ClientID   string
 	DeviceCode string
 	UserCode   string
 	Scopes     []string
@@ -70,5 +70,5 @@ func (*AuthRequestDevice) Type() AuthRequestType {
 }

 func (a *AuthRequestDevice) IsValid() bool {
-	return a.DeviceCode != "" && a.UserCode != "" && len(a.Scopes) > 0
+	return a.DeviceCode != "" && a.UserCode != ""
 }