TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-10 20:13:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/query/oidc_client_by_id.sql
Livio Spring 50d2b26a28
feat: specify login UI version on instance and apps (#9071) 
# Which Problems Are Solved

To be able to migrate or test the new login UI, admins might want to
(temporarily) switch individual apps.
At a later point admin might want to make sure all applications use the
new login UI.

# How the Problems Are Solved

- Added a feature flag `` on instance level to require all apps to use
the new login and provide an optional base url.
- if the flag is enabled, all (OIDC) applications will automatically use
the v2 login.
  - if disabled, applications can decide based on their configuration
- Added an option on OIDC apps to use the new login UI and an optional
base url.
- Removed the requirement to use `x-zitadel-login-client` to be
redirected to the login V2 and retrieve created authrequest and link
them to SSO sessions.
- Added a new "IAM_LOGIN_CLIENT" role to allow management of users,
sessions, grants and more without `x-zitadel-login-client`.

# Additional Changes

None

# Additional Context

closes https://github.com/zitadel/zitadel/issues/8702
2024-12-19 10:37:46 +01:00

50 lines
2.0 KiB
SQL
Raw Blame History

with client as (
select c.instance_id,
c.app_id, a.state, c.client_id, c.back_channel_logout_uri, c.client_secret, c.redirect_uris, c.response_types,
c.grant_types, c.application_type, c.auth_method_type, c.post_logout_redirect_uris, c.is_dev_mode,
c.access_token_type, c.access_token_role_assertion, c.id_token_role_assertion,
c.id_token_userinfo_assertion, c.clock_skew, c.additional_origins, a.project_id, p.project_role_assertion,
c.login_version, c.login_base_uri
from projections.apps7_oidc_configs c
join projections.apps7 a on a.id = c.app_id and a.instance_id = c.instance_id and a.state = 1
join projections.projects4 p on p.id = a.project_id and p.instance_id = a.instance_id and p.state = 1
join projections.orgs1 o on o.id = p.resource_owner and o.instance_id = c.instance_id and o.org_state = 1
where c.instance_id = $1
and c.client_id = $2
),
roles as (
select p.project_id, json_agg(p.role_key) as project_role_keys
from projections.project_roles4 p
join client c on c.project_id = p.project_id
and p.instance_id = c.instance_id
group by p.project_id
),
keys as (
select identifier as client_id, json_object_agg(id, encode(public_key, 'base64')) as public_keys
from projections.authn_keys2
where $3 = true -- when argument is false, don't waste time on trying to query for keys.
and instance_id = $1
and identifier = $2
and expiration > current_timestamp
group by identifier
),
settings as (
select instance_id, json_build_object(
'access_token_lifetime', access_token_lifetime,
'id_token_lifetime', id_token_lifetime,
'refresh_token_idle_expiration', refresh_token_idle_expiration,
'refresh_token_expiration', refresh_token_expiration
) as settings
from projections.oidc_settings2
where aggregate_id = $1
and instance_id = $1
)
select row_to_json(r) as client from (
select c.*, r.project_role_keys, k.public_keys, s.settings
from client c
left join roles r on r.project_id = c.project_id
left join keys k on k.client_id = c.client_id
left join settings s on s.instance_id = c.instance_id
) r;
Reference in New Issue View Git Blame Copy Permalink