feat: token revocation and OP certification (#2594)

* fix: try using only user session if no user is set (id_token_hint) on prompt none

* fix caos errors As implementation

* implement request mode

* return explicit error on invalid refresh token use

* begin token revocation

* token revocation

* tests

* tests

* cleanup

* set op config

* add revocation endpoint to config

* add revocation endpoint to config

* migration version

* error handling in token revocation

* migration version

* update oidc lib to 1.0.0
Livio Amstutz
2021-11-03 08:35:24 +01:00
committed by GitHub
parent 8df5614e4d
commit fc6154cffc
25 changed files with 638 additions and 236 deletions

@@ -290,8 +290,6 @@ API:
OPConfig:
Issuer: $ZITADEL_ISSUER
DefaultLogoutRedirectURI: $ZITADEL_ACCOUNTS/logout/done
CodeMethodS256: true
AuthMethodPrivateKeyJWT: true
StorageConfig:
DefaultLoginURL: $ZITADEL_ACCOUNTS/login?authRequestID=
DefaultAccessTokenLifetime: 12h
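Review bot: the OPConfig hunk shrinks from eight lines to six (-290,8 +290,6), but nothing in the commit message says which two settings leave the file or what now governs them. If CodeMethodS256 or AuthMethodPrivateKeyJWT are the ones dropped, please state in the commit message or the upgrade notes whether S256 code challenges and private_key_jwt client authentication remain enabled by default after the move to oidc lib 1.0.0, so an operator diffing their own config against this one can tell whether behaviour changed.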
@@ -318,6 +316,9 @@ API:
Introspection:
Path: 'introspect'
URL: '$ZITADEL_OAUTH/introspect'
Revocation:
Path: 'revoke'
URL: '$ZITADEL_OAUTH/revoke'
EndSession:
Path: 'endsession'
URL: '$ZITADEL_AUTHORIZE/endsession'
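Review bot: the new Revocation block (Path: 'revoke', URL: '$ZITADEL_OAUTH/revoke') only reaches deployments that take this default file, so an instance running with an overridden endpoint section or a reverse proxy that routes by path will have no revocation endpoint configured after upgrading. Please call the new key out in the release or migration notes next to the "migration version" change, and consider a test asserting that the URL configured here is the one the OP advertises for revocation, in the same way Introspection above it is wired.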
@@ -409,4 +410,4 @@ Notification:
ConcurrentWorkers: 1
BulkLimit: 10000
FailureCountUntilSkip: 5
Handlers:
Handlers:
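Review bot: the last hunk replaces Handlers: with a line that reads identically (-409,4 +410,4), so the difference is whitespace or the end-of-file newline only. Please confirm it is intentional; if it is editor noise, drop it from this feature commit so the Notification section does not show up in the history of the revocation change.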