This PR adds support for userinfo and introspection of V2 tokens. Further V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
* feat: use passwap for human user passwords
* fix tests
* passwap config
* add the event mapper
* cleanup query side and api
* solve linting errors
* regression test
* try to fix linter errors again
* pass systemdefaults into externalConfigChange migration
* fix: user password set in auth view
* pin passwap v0.2.0
* v2: validate hashed password hash based on prefix
* resolve remaining comments
* add error tag and translation for unsupported hash encoding
* fix unit test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
* add macedonian language to currently supported languages
* mk yaml login static with en values
* mk json assets with en values
* mk yaml notification static with en values
* add macedonian notification yaml
* mk yaml static with en values
* mk translations for login
* mk translations for internal
* macedonian translations
* - fix lint issues
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
* fix: add user self manager role (can delete himself)
* fix: add user self manager role (can delete himself)
* fix: add user self manager role (can delete himself)
* fix: add .txt ending to domain validation as given in console
* fix console
---------
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
* reproduce #5808
Add an integration test that imports and gets N amount of human users.
- With N set to 1-10 the operation seems to succeed always
- With N set to 100 the operation seems to fail between 1 and 7 times.
* fix merge issue
* fix: reset the call timestamp after a bulk trigger
With the use of `AS OF SYSTEM TIME` in queries,
there was a change for the query package not
finding the latest projection verson after
a bulk trigger.
If events where processed in the bulk trigger,
the resulting row timestamp would be after the call
start timestamp.
This sometimes resulted in consistency issues when
Set and Get API methods are called in short succession.
For example a Import and Get user could sometimes result in a Not Found
error.
Although the issue was reported for the Management API user import,
it is likely this bug contributed to the flaky integration and e2e tests.
Fixes#5808
* trigger bulk action in GetSession
* don't use the new context in handler schedule
* disable reproduction test
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
chore: Apply OCI source label to Docker image
This patch adds the `org.opencontainers.image.source` label to
the Zitadel Docker image. This label is used by dependency update
tools like Dependabot and Renovate to look up release notes for
Docker image updates.
Co-authored-by: Elio Bischof <elio@zitadel.com>
* docs: add instance not found troubleshoot to self-hosting
* docs: add instance not found troubleshoot to self-hosting
* docs: fix links
* docs: remove instance not found from support troubleshoot
* docs: add instance not found note on all deploy guides
* Modifying docs to comply with Google style guide for docs.
* Removed typo.
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Addressed @mffap's question on the PR.
* Added docs for detailed explanations for token introspection.
* Update docs/docs/guides/integrate/token-introspection/basic-auth.mdx
Co-authored-by: Fabi <fabienne@zitadel.com>
* Update docs/sidebars.js
Co-authored-by: Fabi <fabienne@zitadel.com>
* Update docs/docs/guides/integrate/token-introspection/private-key-jwt.mdx
* Addressed @hifabienne's review comments.
* Addressed @hifabienne's review comments.
---------
Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
Co-authored-by: mffap <mpa@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
* Modifying docs to comply with Google style guide for docs.
* Removed typo.
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Added FE and BE integration with ZITADEL
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Update docs/docs/guides/solution-scenarios/frontend-calling-backend-API.mdx
Co-authored-by: mffap <mpa@zitadel.com>
* Addressed @mffap's question on the PR.
---------
Co-authored-by: Dakshitha Ratnayake <dakshitharatnayake@Dakshithas-MacBook-Pro-2.local>
Co-authored-by: mffap <mpa@zitadel.com>
This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.
This change renames the v2 user OTP registration endpoints and objects
to TOTP.
Also the v2 related code paths have been renamed to TOTP.
This change was discussed during the sprint review.
### Definition of Ready
- [ ] I am happy with the code
- [ ] Short description of the feature/issue is added in the pr
description
- [ ] PR is linked to the corresponding user story
- [ ] Acceptance criteria are met
- [ ] All open todos and follow ups are defined in a new ticket and
justified
- [ ] Deviations from the acceptance criteria and design are agreed with
the PO and documented.
- [ ] No debug or dead code
- [ ] My code has no repetitions
- [ ] Critical parts are tested automatically
- [ ] Where possible E2E tests are implemented
- [ ] Documentation/examples are up-to-date
- [ ] All non-functional requirements are met
- [ ] Functionality of the acceptance criteria is checked manually on
the dev system.
* feat: add fontname package and draft
* feat: change back delete visibility
* feat: replace fontname lib with opentype.js
* feat: dynamic font preview also for font name
---------
Co-authored-by: Max Peintner <max@caos.ch>
* docs: add guide for implementing ui with the new user/session api
* docs: add guide for implementing ui with the new user/session api
* docs: add oidc flow to login ui guide
