TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 19:44:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
328c409271
zitadel/internal/api/oidc
History
Tim Möhlmann 328c409271
fix(oidc): roles in service user ID token (#8561) 
# Which Problems Are Solved

Return the user's project roles when the
`urn:zitadel:iam:org:projects:roles` scope is requested.
We alreayd returned it for access tokens, now also ID tokens.

# How the Problems Are Solved

Set `idTokenRoleAssertion` to `true` when calling
`accessTokenResponseFromSession` for service users. This parameter is
normally set to the client config. However, service user authentication
does not have a client.

# Additional Changes

- none

# Additional Context

- Introduced in https://github.com/zitadel/zitadel/pull/8046
- Closes https://github.com/zitadel/zitadel/issues/8107

Co-authored-by: Livio Spring <livio.a@gmail.com>
2024-09-11 04:45:59 +00:00
..
integration_test chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
access_token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
amr_test.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
amr.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
auth_request_converter_test.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter_v2.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request.go feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
client_converter.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_credentials.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
device_auth.go fix: provide device auth config (#8419) 2024-08-12 12:55:07 +03:00
error_test.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
error.go fix(oidc): return bad request for base64 errors (#7730) 2024-04-09 08:42:59 +02:00
introspect.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
jwt-profile.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
key_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
key.go fix(eventstore): precise decimal (#8527) 2024-09-06 12:19:19 +03:00
op.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server_test.go chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
server.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
token_client_credentials.go fix(oidc): roles in service user ID token (#8561) 2024-09-11 04:45:59 +00:00
token_code.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_device.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_exchange_converter.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
token_exchange.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_jwt_profile.go fix(oidc): roles in service user ID token (#8561) 2024-09-11 04:45:59 +00:00
token_refresh.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
userinfo.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00