feat: role claims for service user tokens (#5577)

Tokens of service users can now contain role claims when the corresponding scopes are requested.
This commit is contained in:
Silvan
2023-04-03 14:26:51 +02:00
committed by GitHub
parent 4691298eb6
commit e688954308
6 changed files with 158 additions and 67 deletions


@@ -245,12 +245,8 @@ func (o *OPStorage) assertProjectRoleScopes(ctx context.Context, clientID string
return scopes, nil
}
func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.TokenView, clientID string) error {
func (o *OPStorage) assertClientScopesForPAT(ctx context.Context, token *model.TokenView, clientID, projectID string) error {
token.Audience = append(token.Audience, clientID)
projectID, err := o.query.ProjectIDFromClientID(ctx, clientID, false)
if err != nil {
return errors.ThrowPreconditionFailed(nil, "OIDC-AEG4d", "Errors.Internal")
}
projectIDQuery, err := query.NewProjectRoleProjectIDSearchQuery(projectID)
if err != nil {
return errors.ThrowInternal(err, "OIDC-Cyc78", "Errors.Internal")