Commit Graph

2976 Commits

Author SHA1 Message Date
Tim Möhlmann
2089992d75
feat(crypto): use passwap for machine and app secrets (#7657)
* feat(crypto): use passwap for machine and app secrets

* fix command package tests

* add hash generator command test

* naming convention, fix query tests

* rename PasswordHasher and cleanup start commands

* add reducer tests

* fix intergration tests, cleanup old config

* add app secret unit tests

* solve setup panics

* fix push of updated events

* add missing event translations

* update documentation

* solve linter errors

* remove nolint:SA1019 as it doesn't seem to help anyway

* add nolint to deprecated filter usage

* update users migration version

* remove unused ClientSecret from APIConfigChangedEvent

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-05 09:35:49 +00:00
Livio Spring
5931fb8f28
chore: update stable to 2.43.11 (#7705) 2024-04-04 18:06:36 +00:00
Livio Spring
29ad51b0e3
fix(oidc): correctly return new refresh token on refresh token grant (#7707)
* fix(oidc): correctly return new refresh token on refresh token grant

* fix import
2024-04-04 15:58:40 +00:00
Vignesh Sankar Iyer
a988b9cc05
fix: Update url to redirect to name change url (#7683)
* update url to redirect to name change url

* Update register_option.html

* Update register_option.html

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-04 06:16:58 +00:00
Tim Möhlmann
9b3f3e4cd9
fix(idp): do not call userinfo when mapping from ID token is configured (#7696)
* fix(idp): do not call userinfo when mapping from ID token is configured

This change prevents the call of the Userinfo endpoint of a OIDC IDP if the IDP is configured to use the ID token for user information instead.
A unit test has been added to confirm the corrected behavior.

Closes #7373

* video for e2e

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-04-04 05:41:44 +00:00
Livio Spring
f862e43ede
chore(workflow): run e2e on non standard runners (#7698)
Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 22:15:00 +00:00
Alex Rimlin
fa9635eb93
docs(guides/integrate/service-users/private-key-jwt): (#7677)
* docs(guides/integrate/service-users/private-key-jwt): adjust incomplete, outdated and incorrect parts of the python example.

* wrong variable name for kid in the header

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2024-04-03 15:51:13 +00:00
Tim Möhlmann
25ef3da9d5
refactor(fmt): run gci on complete project (#7557)
chore(fmt): run gci on complete project

Fix global import formatting in go code by running the `gci` command. This allows us to just use the command directly, instead of fixing the import order manually for the linter, on each PR.

Co-authored-by: Elio Bischof <elio@zitadel.com>
2024-04-03 10:43:43 +00:00
Tim Möhlmann
093dd57a78
fix(db): wrap BeginTx in spans to get acquire metrics (#7689)
feat(db): wrap BeginTx in spans to get acquire metrics

This changes adds a span around most db.BeginTx calls so we can get tracings about the connection pool acquire process.
This might help us pinpoint why sometimes some query package traces show longer execution times, while this was not reflected on database side execution times.

Co-authored-by: Silvan <silvan.reusser@gmail.com>
2024-04-03 11:48:24 +03:00
mffap
e4e8361f66
docs: redirect identity providers introduction (#7695) 2024-04-03 07:02:01 +00:00
Tim Möhlmann
5b3946b67e
feat(oidc): allow additional audience based on scope in device auth (#7685)
feat(oidc): allow additional audience based on scope
2024-04-03 09:06:21 +03:00
Tijl
2d25244c77
fix: docs: keycloak user migration api error (#7626)
fix user importing api error

Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 18:40:54 +00:00
Elio Bischof
6ca35009be
fix(console): show callback urls on update idp (#7668)
* fix(console): show callback urls on update idp

* styles

* lint

* center links
2024-03-28 16:22:08 +00:00
Tim Möhlmann
3ca80d637d
docs(oidc): token exchange beta feature info (#7670)
* docs(oidc): token exchange beta feature info

This change adds an info box to the token exchange documentation, informing the reader of the beta state of the feature and how to enable it.

* Update docs/docs/apis/openidoauth/endpoints.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/token-exchange.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-28 13:02:54 +00:00
Silvan
bed0f6293b
fix: check error before using token (#7664) 2024-03-28 12:19:03 +00:00
Vignesh Sankar Iyer
dcb1c7fa75
fix: Incorrect button positioning on email verification (#7579)
change mail verification page styling

Co-authored-by: Max Peintner <max@caos.ch>
2024-03-28 09:52:29 +00:00
Max Peintner
20fb032743
docs: typescript login (#7621)
* typescript docs

* docs

* self service part

* deploy part

* headers

* update description

* illustration description

* endpoints

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* rm scope

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Livio Spring <livio.a@gmail.com>

* screenshot deploy to vercel

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 08:19:36 +00:00
Livio Spring
4c945f8bdc
chore(workflow): stop previous GH action pipeline on new changes and move back to public runners (#7659)
* chore(workflow): stop previous GH action pipeline on new changes

* skip previous code ql actions

* try running e2e on gh runner again
2024-03-28 07:15:03 +00:00
Stefan Benz
217703395e
feat: add user v2 pw change required information on query (#7603)
* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: add resource owner as query for user v2 ListUsers and clean up deprecated attribute

* fix: review changes

* fix: review changes

* fix: review changes

* fix: review changes

* fix: add password change required to user v2 get and list

* fix: update unit tests for query side with new column and projection

* fix: change projection in setup steps

* fix: change projection in setup steps

* fix: remove setup step 25

* fix: add password_change_required into ListUsers response

* fix: correct SetUserPassword parameters

* fix: rollback to change setup instead of projection directly

* fix: rollback to change setup instead of projection directly

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-28 06:21:21 +00:00
Elio Bischof
d26391a642
feat(console): guide users when configuring IDPs (#7572)
* feat(console): show external idp remote config

* reuse copy-row

* finish google and saml sp

* finish apps

* add next steps modal

* rollout

* activate

* fix saml urls

* fix saml provider

* complete providers

* translate

* update google docs

* update entra id oidc docs

* update entra id saml docs

* update github docs

* update gitlab docs

* update apple docs

* update okta oidc docs

* update okta saml docs

* update keycloak docs

* update mocksaml

* cleanup

* lint

* lint

* fix overriden classes

* encapsulate styles

* fix icon classes

---------

Co-authored-by: peintnermax <max@caos.ch>
2024-03-27 20:10:31 +00:00
Stefan Benz
84644214d7
fix: remove resourceowner read from context in user v2 api (#7641)
* fix: remove resourceowner read from context in user v2 api

* fix: lint

* fix: remove orgID in addIDPLink

* fix: remove comment as unnecessary

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-27 18:22:17 +00:00
Livio Spring
1e53aab4b4
fix: properly handle otp sms challenge notification in session api (#7653)
* fix: properly handle otp sms challenge notification in session api

* small fix
2024-03-27 19:48:14 +02:00
Silvan
56df515e5f
chore: use pgx v5 (#7577)
* chore: use pgx v5

* chore: update go version

* remove direct pq dependency

* remove unnecessary type

* scan test

* map scanner

* converter

* uint8 number array

* duration

* most unit tests work

* unit tests work

* chore: coverage

* go 1.21

* linting

* int64 gopfertammi

* retry go 1.22

* retry go 1.22

* revert to go v1.21.5

* update go toolchain to 1.21.8

* go 1.21.8

* remove test flag

* go 1.21.5

* linting

* update toolchain

* use correct array

* use correct array

* add byte array

* correct value

* correct error message

* go 1.21 compatible
2024-03-27 15:48:22 +02:00
Dakshitha Ratnayake
2ea0b520fd
docs: Added a new intro page for configuring external IdPs. (#7595)
* Added a new intro page for configuring external IdPs.

* Fixed broken links

* Resolved build errors.

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

* Addressed review comments.

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

* Addressed review comments.

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/identity-providers/introduction.md

Co-authored-by: Fabi <fabienne@zitadel.com>

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-27 15:49:08 +05:30
Livio Spring
841e79357a
fix: detect mime type of uploaded asset (#7648) 2024-03-27 10:41:10 +01:00
Livio Spring
1121ebfdb8
fix: prevent custom urn:zitadel:iam claims (#7647) 2024-03-27 08:26:14 +01:00
Livio Spring
a83829b5ff
fix(API): remove deprecated organisation_id from user factor in session service (#7631) 2024-03-26 11:25:40 +00:00
Tim Möhlmann
2021bad0ad
docs(oidc): token exchange guide (#7625)
* docs(oidc): token exchange guide

This change adds a token exchange guide which includes "simple" and impersonation examples.
The endpoint, claims and grant type documentation also has been amended with token exchange specifics.

* solve suggestions

* fix impersonated event type

* add link to event store concept

* fix links build error

* add to sidebar and update some info boxes
2024-03-26 06:28:17 +00:00
Fabi
62652f4f91
docs: add linkedin guide (#7600)
* docs: add linkedin guide

* docs: change pictures and settings
2024-03-25 18:34:49 +02:00
mffap
376c3a3fff
docs(integrate): improve service user authentication (#7492)
* service users

* wip

* wip

* wip

* lower case titles

* wip

* wip

* private key jwt

* wip

* wip

* token introspection

* zitadel apis

* expiration

* replace mermaid with svg

* Apply suggestions from code review

Co-authored-by: Fabi <fabienne@zitadel.com>

* Apply suggestions from code review

* boulevard of broken links

* my hrefs will go on

* docs: add token type to client credential

* Update docs/docs/apis/introduction.mdx

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/private-key-jwt.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/private-key-jwt.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/authenticate-service-users.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/client-credentials.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/service-users/client-credentials.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/_accessing_zitadel_api.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* Update docs/docs/guides/integrate/zitadel-apis/access-zitadel-apis.md

Co-authored-by: Florian Forster <florian@zitadel.com>

* docs: add token type to client credential

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
Co-authored-by: Fabienne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@zitadel.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-25 10:30:43 +01:00
dependabot[bot]
47e5533f0f
chore(deps): bump actions/add-to-project from 0.6.0 to 0.6.1 (#7628)
Bumps [actions/add-to-project](https://github.com/actions/add-to-project) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/actions/add-to-project/releases)
- [Commits](https://github.com/actions/add-to-project/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: actions/add-to-project
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-25 09:07:57 +00:00
Livio Spring
30ff0dd1ed
chore: update stable to 2.42.16 (#7629) 2024-03-25 08:53:04 +00:00
Livio Spring
2bcc42c4cd
chore(workflow): fix homebrew update (#7630) 2024-03-25 09:29:54 +01:00
Livio Spring
d313e6d498
fix(setup): enable init-projection by default (#7616)
* fix(setup): enable init-projection by default

* update A10008
2024-03-23 12:52:52 +01:00
Livio Spring
7494a7b6d9
feat(api): add possibility to retrieve user schemas (#7614)
This PR extends the user schema service (V3 API) with the possibility to ListUserSchemas and GetUserSchemaByID.
The previously started guide is extended to demonstrate how to retrieve the schema(s) and notes the generated revision property.
2024-03-22 13:26:13 +00:00
Silvan
5b301c7f96
chore: trigger update homebrew tap on latest release (#7618) 2024-03-22 13:38:18 +01:00
Silvan
c3cb010d2a
chore(build): update dependencies (#7606) 2024-03-22 07:10:34 +00:00
Tim Möhlmann
9d5cd12cd4
fix(oidc): define audience inside auth request instead of token creation (#7610)
fix(oidc): define audience inside auth request instead off token creation

When using the v1 OIDC Code flow, tokens would not carry the correct audience when returned as JWT. This applies to access tokens as JWT and ID tokens.
Introspection would still show the correct audience.
This happened because project audience was appended at token creation time. This stored the appended audience, used later in introspection or token refresh. However, the OIDC library still only had a view of the original auth request with the original audience.
When signing JWTs it would use this outdated information.

This change moves audience modifications to the auth request creation. This is was already the way it was done for v2 login and now v1 follows the same method.

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-21 19:42:44 +02:00
Silvan
6eb982e368
fix(api): correct mapping of metadata queries (#7609) 2024-03-21 14:56:58 +00:00
Stefan Benz
517398bba6
fix: fill resourceowner of project into usergrant projection (#7605) 2024-03-21 10:31:06 +00:00
Stefan Benz
319ebe7898
fix: add organizationID query for user v2 ListUsers and clean up depeprecated attribute (#7593)
Add organizationID as query for ListUsers and clean up the deprecated Organisation attributes in other queries.

This PR removes the following fields from API requests (user service v2):

organisation from AddHumanUser (deprecated some time ago, organization still exists)
organization from GetUserByID
2024-03-21 08:07:00 +00:00
Livio Spring
7e24a1adbc
fix: allow login by email case-insensitive (#7578)
A customer noted that the login by email was case-sensitive, which differs to the handling of the loginname.

This PR changes the email check to be case-insensitive (which it was already in same parts) and improve the search for this as well.
2024-03-20 15:51:26 +00:00
Livio Spring
b2d7352a5a
fix(login): display username after registration with idp (#7598)
It was noticed multiple time (incl. customers) that the loginname is sometimes not rendered in the UI.

This PR fixes such an issue after registration of a new user from an IdP.
2024-03-20 15:02:57 +01:00
Tim Möhlmann
6398349c24
feat(oidc): token exchange impersonation (#7516)
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00
Silvan
b338171585
docs: move jwt idp to guides (#7570) 2024-03-20 10:46:05 +01:00
Silvan
cc26eb1116
feat(actions): ctx.org.getMetadata() in external authentication (#7571) 2024-03-19 07:34:38 +01:00
Dakshitha Ratnayake
d30fb3118d
docs: Update additional-information.mdx (#7590)
Update additional-information.mdx
2024-03-18 16:01:03 +05:30
Livio Spring
6c3f48f496
fix(login): (re)allow HTML in custom login texts (#7575)
fix: allow HTML in custom login texts
2024-03-15 16:29:10 +01:00
Fabi
732217bc5e
docs: add org id header in missing requests (#7562)
* docs: add org id header in missing requests

* docs: add org id header to proto definitions

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-03-15 10:45:14 +00:00
Max Peintner
0d46c39d00
docs: typescript login progress (#7378)
* docs: typescript login progress

* docs

* space

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* Update docs/docs/guides/integrate/login-ui/typescript-repo.mdx

Co-authored-by: Fabi <fabienne@zitadel.com>

* future login, show email password login

---------

Co-authored-by: Fabi <fabienne@zitadel.com>
2024-03-15 11:02:56 +01:00