Tim Möhlmann
fc55c04bda
handle PAT scopes
2023-11-15 15:44:14 +02:00
Tim Möhlmann
3584833021
add user_grants to the userinfo query
2023-11-15 14:49:20 +02:00
Tim Möhlmann
1cf627c3f5
legacy introspection flag
2023-11-14 14:31:58 +02:00
Tim Möhlmann
3797f18e5e
add config flag for experimental introspection
2023-11-13 19:43:06 +02:00
Tim Möhlmann
9c0f38ef94
remove storage from server
2023-11-13 19:38:52 +02:00
Tim Möhlmann
3294ba4c4b
some cleanup
2023-11-13 19:20:01 +02:00
Tim Möhlmann
477d565ffb
add avatar URL
2023-11-13 18:27:09 +02:00
Tim Möhlmann
c4cf569164
Merge branch 'main' into perf-introspecion
2023-11-13 18:16:32 +02:00
Tim Möhlmann
8eea5eccd1
get oidc user info from projections and add actions
2023-11-13 18:13:34 +02:00
Tim Möhlmann
42a2c0093d
fix: use x-zitadel-forwarded header (#6900)
...
fix: use x-zitadel-forward header
2023-11-10 15:02:53 +00:00
Tim Möhlmann
d69b9999a1
userinfo and project roles in go routines
2023-11-06 20:27:25 +02:00
Tim Möhlmann
c0c86d90c9
drop owner_removed column on apps and authN tables
2023-11-06 15:55:26 +02:00
Livio Spring
f3b8a3aece
feat: add possibility to set an expiration to a session (#6851)
...
* add lifetime to session api
* extend session with lifetime
* check session token expiration
* fix typo
* integration test to check session token expiration
* integration test to check session token expiration
* i18n
* cleanup
* improve tests
* prevent negative lifetime
* fix error message
* fix lifetime check
2023-11-06 10:48:28 +01:00
Tim Möhlmann
96a53aa130
logging and otel
2023-11-05 17:26:30 +02:00
Tim Möhlmann
66f91cdc4e
client and project in single query
2023-11-05 13:18:17 +02:00
Tim Möhlmann
36baf36877
concurrent token and client checks
2023-11-03 17:21:38 +02:00
Livio Spring
ce322323aa
perf(oidc): remove db call for discovery configuration (#6857)
2023-11-03 15:18:57 +00:00
Tim Möhlmann
b816b6f29d
improve keyset caching
2023-11-02 18:55:48 +02:00
Tim Möhlmann
9f7f715259
userinfo from events for v2 tokens
2023-11-02 17:27:30 +02:00
Tim Möhlmann
85e22c1521
get key by id and cache them
2023-11-01 15:59:23 +02:00
Tim Möhlmann
94cf30c547
feat(oidc): use the new oidc server interface (#6779)
...
* feat(oidc): use the new oidc server interface
* rename from provider to server
* pin logging and oidc packages
* use oidc introspection fix branch
* add overloaded methods with tracing
* cleanup unused code
* include latest oidc fixes
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-10-25 15:44:05 +00:00
Stefan Benz
48ae5d58ac
feat: add activity logs on user actions with authentication, resource… (#6748)
...
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* feat: add activity logs on user actions with authentication, resourceAPI and sessionAPI
* fix: add unit tests to info package for context changes
* fix: add activity_interceptor.go suggestion
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
* fix: refactoring and fixes through PR review
* fix: add auth service to lists of resourceAPIs
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Fabi <fabienne@zitadel.com>
2023-10-25 12:09:15 +00:00
adlerhurst
bd23a7a56f
merge main into next
2023-10-19 12:34:00 +02:00
Silvan
b5564572bc
feat(eventstore): increase parallel write capabilities (#5940)
...
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00
Tim Möhlmann
e6d273b328
chore(deps): bump oidc (#6607)
...
* chore(deps): bump oidc
Include the Issuer from Forwarded header feature
* use the new constructor
2023-09-22 11:05:11 +02:00
Elio Bischof
1a49b7d298
perf: project quotas and usages (#6441)
...
* project quota added
* project quota removed
* add periods table
* make log record generic
* accumulate usage
* query usage
* count action run seconds
* fix filter in ReportQuotaUsage
* fix existing tests
* fix logstore tests
* fix typo
* fix: add quota unit tests command side
* fix: add quota unit tests command side
* fix: add quota unit tests command side
* move notifications into debouncer and improve limit querying
* cleanup
* comment
* fix: add quota unit tests command side
* fix remaining quota usage query
* implement InmemLogStorage
* cleanup and linting
* improve test
* fix: add quota unit tests command side
* fix: add quota unit tests command side
* fix: add quota unit tests command side
* fix: add quota unit tests command side
* action notifications and fixes for notifications query
* revert console prefix
* fix: add quota unit tests command side
* fix: add quota integration tests
* improve accountable requests
* improve accountable requests
* fix: add quota integration tests
* fix: add quota integration tests
* fix: add quota integration tests
* comment
* remove ability to store logs in db and other changes requested from review
* changes requested from review
* changes requested from review
* Update internal/api/http/middleware/access_interceptor.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* tests: fix quotas integration tests
* improve incrementUsageStatement
* linting
* fix: delete e2e tests as integration tests cover functionality
* Update internal/api/http/middleware/access_interceptor.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* backup
* fix conflict
* create rc
* create prerelease
* remove issue release labeling
* fix tracing
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-09-15 16:58:45 +02:00
Livio Spring
be81570fb5
feat(api): move resource apis to beta (#6530)
...
Moves UserService, SessionService, SettingsService and OIDCService to beta state. This includes gRPC and HTTP path changes.
2023-09-13 12:43:01 +00:00
Livio Spring
84faf98bc2
fix: setMetadata in saml and pre access token triggers (#6398)
2023-08-21 14:21:45 +02:00
Stefan Benz
26b28ed2af
feat: add saml custom attribute action and translations (#6341)
...
* feat: add saml custom attribute action and translations
* chore: update saml dependency
* fix: apply suggestions from code review
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix: custom attribute action with variadic parameter
* docs: add customize saml response docs
* docs: update docs/docs/apis/actions/customize-samlresponse.md
Co-authored-by: Livio Spring <livio.a@gmail.com>
* docs: update docs/docs/apis/actions/customize-samlresponse.md
Co-authored-by: Livio Spring <livio.a@gmail.com>
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-08-15 15:04:45 +00:00
Livio Spring
7c494fd219
feat(login): add OTP (email and sms) (#6353)
...
* feat: login with otp
* fix(i18n): japanese translation
* add missing files
* fix provider change
* add event types translations to en
* add tests
* resourceOwner
* remove unused handler
* fix: secret generators and add comments
* add setup step
* rename
* linting
* fix setup
* improve otp handling
* fix autocomplete
* translations for login and notifications
* translations for event types
* changes from review
* check selected mfa type
2023-08-15 12:47:05 +00:00
Tim Möhlmann
86af67d1be
feat(api/v2): implement U2F session check (#6339)
2023-08-11 15:36:18 +00:00
Livio Spring
a1942ecdaa
feat(api): add and remove OTP (SMS and email) (#6295)
...
* refactor: rename otp to totp
* feat: add otp sms and email
* implement tests
2023-08-02 18:57:53 +02:00
Livio Spring
782f7ad647
fix(OIDC): introspection (#6298)
...
* fix(OIDC): introspect for PAT
* fix(OIDC): introspect for PAT
* fix(OIDC): introspect
* remove adding projectID into audience
2023-07-31 13:55:26 +00:00
Livio Spring
59f3c328ec
feat(OIDC): add support for end_session for V2 tokens (#6226)
...
This PR adds support for the OIDC end_session_endpoint for V2 tokens. Sending an id_token_hint as parameter will directly terminate the underlying (SSO) session and all its tokens. Without this param, the user will be redirected to the Login UI, where he will be able to choose whether to log out.
2023-07-19 13:17:39 +02:00
Livio Spring
e1b3cda98a
feat(OIDC): support token revocation of V2 tokens (#6203)
...
This PR adds support for OAuth2 token revocation of V2 tokens.
Unlike with V1 tokens, it's now possible to revoke a token not only from the authorized client / client which the token was issued to, but rather from all trusted clients (audience)
2023-07-17 14:33:37 +02:00
Livio Spring
80961125a7
feat(API): support V2 token and session token usage (#6180)
...
This PR adds support for userinfo and introspection of V2 tokens. Further, V2 access tokens and session tokens can be used for authentication on the ZITADEL API (like the current access tokens).
2023-07-14 11:16:16 +00:00
Livio Spring
ee26f99ebf
fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)
...
This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2023-07-12 12:24:01 +00:00
Livio Spring
14b8cf4894
feat(api): add OIDC session service (#6157)
...
This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2023-07-10 13:27:00 +00:00
Elio Bischof
c12c2f09a4
fix: switch log level of failed locks to debug (#5746)
2023-04-25 19:20:59 +02:00
Tim Möhlmann
5819924275
feat: device authorization RFC 8628 (#5646)
...
* device auth: implement the write events
* add grant type device code
* fix(init): check if default value implements stringer
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-19 08:46:02 +00:00
Stefan Benz
440ba9f5ef
fix: update saml to v0.0.11 (#5628)
...
* fix: update saml to v0.0.11
* chore: remove unused sum
---------
Co-authored-by: adlerhurst <silvan.reusser@gmail.com>
2023-04-11 07:39:12 +00:00
Livio Spring
991a56341b
fix: role claims mapping (#5601)
...
* fix: role claims mapping
* update oidc pkg
* update oidc pkg
2023-04-04 12:36:39 +00:00
Silvan
e688954308
feat: role claims for service user tokens (#5577)
...
tokens of service users can now contain role claims by requesting them through scopes
2023-04-03 14:26:51 +02:00
Tim Möhlmann
25c3c17986
chore: upgrade to oidc v2 release (#5437)
...
* chore: upgrade to oidc v2 release
* fix tests
* fix build errors after rebase
* pin oidc v2.1.0
* pin oidc v2.1.1 (include bugfix)
* pin oidc v2.1.2 (include bugfix)
* pin oidc v2.2.1 (bugfix)
include fix zitadel/oidc#349
* fix: refresh token handling
* simplify cognitive complexity
* fix: handle error
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
2023-03-28 11:28:56 +00:00
Livio Spring
4ca50e0802
fix: check for empty applicationID on assertRoles (#5509)
...
* fix: check for empty applicationID on assertRoles
* remove unintended added file
2023-03-21 08:59:44 +01:00
Elio Bischof
e00cc187fa
fix: make user creation errors helpful (#5382)
...
* fix: make user creation errors helpful
* fix linting and unit testing errors
* fix linting
* make zitadel config reusable
* fix human validations
* translate ssr errors
* make zitadel config reusable
* cover more translations for ssr
* handle email validation message centrally
* fix unit tests
* fix linting
* align signatures
* use more precise wording
* handle phone validation message centrally
* fix: return specific profile errors
* docs: edit comments
* fix unit tests
---------
Co-authored-by: Silvan <silvan.reusser@gmail.com>
2023-03-14 19:20:38 +00:00
Silvan
eb4f7c5d7c
fix(auth): update user grants before check (#5406)
2023-03-13 08:03:49 +01:00
Silvan
20e4f1ce57
feat(actions): add fields to complement token flow (#5336)
...
* deprecated `ctx.v1.userinfo`-field in "pre userinfo creation" trigger in favour of `ctx.v1.claims`. The trigger now behaves the same as "pre access token creation"
* added `ctx.v1.claims` to "complement tokens" flow
* added `ctx.v1.grants` to "complement tokens" flow
* document `ctx.v1.getUser()` in "complement tokens" flow
* feat(actions): add getUser() and grant
* map user grants
* map claims
* feat(actions): claims in complement token ctx
* docs(actions): add new fields of complement token
* docs(actions): additions to complement token
* docs(actions): correct field names
2023-03-08 15:26:28 +01:00
Silvan
e38abdcdf3
perf: query data AS OF SYSTEM TIME (#5231)
...
Queries the data in the storage layer at the timestamp when the call hit the API layer
2023-02-27 22:36:43 +01:00
Elio Bischof
681541f41b
feat: add quotas (#4779)
...
adds possibilities to cap authenticated requests and execution seconds of actions on a defined interval
2023-02-15 02:52:11 +01:00