mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 23:28:36 +00:00
2691dae2b6
# Which Problems Are Solved This PR *partially* addresses #9450 . Specifically, it implements the resource based API for the apps. APIs for app keys ARE not part of this PR. # How the Problems Are Solved - `CreateApplication`, `PatchApplication` (update) and `RegenerateClientSecret` endpoints are now unique for all app types: API, SAML and OIDC apps. - All new endpoints have integration tests - All new endpoints are using permission checks V2 # Additional Changes - The `ListApplications` endpoint allows to do sorting (see protobuf for details) and filtering by app type (see protobuf). - SAML and OIDC update endpoint can now receive requests for partial updates # Additional Context Partially addresses #9450
111 lines
2.6 KiB
Go
111 lines
2.6 KiB
Go
package model
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/muhlemmer/gu"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
)
|
|
|
|
type OIDCConfig struct {
|
|
es_models.ObjectRoot
|
|
AppID string
|
|
ClientID string
|
|
ClientSecret *crypto.CryptoValue
|
|
ClientSecretString string
|
|
RedirectUris []string
|
|
ResponseTypes []OIDCResponseType
|
|
GrantTypes []OIDCGrantType
|
|
ApplicationType OIDCApplicationType
|
|
AuthMethodType OIDCAuthMethodType
|
|
PostLogoutRedirectUris []string
|
|
OIDCVersion OIDCVersion
|
|
Compliance *Compliance
|
|
DevMode bool
|
|
AccessTokenType OIDCTokenType
|
|
AccessTokenRoleAssertion bool
|
|
IDTokenRoleAssertion bool
|
|
IDTokenUserinfoAssertion bool
|
|
ClockSkew time.Duration
|
|
}
|
|
|
|
type OIDCVersion int32
|
|
|
|
const (
|
|
OIDCVersionV1 OIDCVersion = iota
|
|
)
|
|
|
|
type OIDCResponseType int32
|
|
|
|
const (
|
|
OIDCResponseTypeCode OIDCResponseType = iota
|
|
OIDCResponseTypeIDToken
|
|
OIDCResponseTypeIDTokenToken
|
|
)
|
|
|
|
type OIDCGrantType int32
|
|
|
|
const (
|
|
OIDCGrantTypeAuthorizationCode OIDCGrantType = iota
|
|
OIDCGrantTypeImplicit
|
|
OIDCGrantTypeRefreshToken
|
|
)
|
|
|
|
type OIDCApplicationType int32
|
|
|
|
const (
|
|
OIDCApplicationTypeWeb OIDCApplicationType = iota
|
|
OIDCApplicationTypeUserAgent
|
|
OIDCApplicationTypeNative
|
|
)
|
|
|
|
type OIDCAuthMethodType int32
|
|
|
|
const (
|
|
OIDCAuthMethodTypeBasic OIDCAuthMethodType = iota
|
|
OIDCAuthMethodTypePost
|
|
OIDCAuthMethodTypeNone
|
|
OIDCAuthMethodTypePrivateKeyJWT
|
|
)
|
|
|
|
type Compliance struct {
|
|
NoneCompliant bool
|
|
Problems []string
|
|
}
|
|
|
|
type OIDCTokenType int32
|
|
|
|
const (
|
|
OIDCTokenTypeBearer OIDCTokenType = iota
|
|
OIDCTokenTypeJWT
|
|
)
|
|
|
|
type Token struct {
|
|
es_models.ObjectRoot
|
|
|
|
TokenID string
|
|
ClientID string
|
|
Audience []string
|
|
Expiration time.Time
|
|
Scopes []string
|
|
}
|
|
|
|
func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
|
|
switch version {
|
|
case OIDCVersionV1:
|
|
domainGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
|
|
for i, grantType := range grantTypes {
|
|
domainGrantTypes[i] = domain.OIDCGrantType(grantType)
|
|
}
|
|
compliance := domain.GetOIDCV1Compliance(gu.Ptr(domain.OIDCApplicationType(appType)), domainGrantTypes, gu.Ptr(domain.OIDCAuthMethodType(authMethod)), redirectUris)
|
|
return &Compliance{
|
|
NoneCompliant: compliance.NoneCompliant,
|
|
Problems: compliance.Problems,
|
|
}
|
|
}
|
|
return nil
|
|
}
|