zitadel/internal/api/oidc
Tim Möhlmann 90b908c361
fix(oidc): don't push introspection client events (#8481)
# Which Problems Are Solved

Do not push secret succeeded and failed events for API and OIDC clients
on the introspection endpoint.
On instances where introspection was frequently called, the pushed events
created issues on duplicate primary keys, due to collisions on the
`sequence` column in the eventstore. As the event pusher retries on this
collision and we pushed above mentioned events async, it would create a
backpressure of concurrent pushers and effectively cripple an instance.

We considered that pushing these events has little value with regards
to the audit trail, as we do not push similar events when client
assertion is used. Also, before #7657 the events were defined, but not
pushed.

# How the Problems Are Solved

- Removed API secret check succeeded and failed event definitions
- Removed OIDC secret check succeeded and failed event definitions
- Push only Hash Updated event when needed

# Additional Changes

- None

# Additional Context

- Fixes https://github.com/zitadel/zitadel/issues/8479
- Closes https://github.com/zitadel/zitadel/issues/8430
- Introduced in https://github.com/zitadel/zitadel/pull/7657
2024-08-28 18:19:50 +00:00
..
access_token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
amr_test.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
amr.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
auth_request_converter_test.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter_v2.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
auth_request.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_converter.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_credentials.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
client.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
device_auth.go fix: provide device auth config (#8419) 2024-08-12 12:55:07 +03:00
error_test.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
error.go fix(oidc): return bad request for base64 errors (#7730) 2024-04-09 08:42:59 +02:00
introspect.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
jwt-profile.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
key_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
key.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
keys_integration_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
oidc_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
op.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server_integration_test.go chore(oidc): add refresh token error integration test (#7766) 2024-04-17 08:38:03 +00:00
server_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
token_client_credentials_integration_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
token_client_credentials.go fix(oauth2): correctly return an error on client_credentials and jwt_profile (#8092) 2024-06-12 06:42:50 +00:00
token_code.go fix: correctly set user agent / fingerprint id on user sessions (#8231) 2024-07-03 09:43:34 +02:00
token_device.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_exchange_converter.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
token_exchange_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
token_exchange.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_jwt_profile_integration_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
token_jwt_profile.go fix(oauth2): correctly return an error on client_credentials and jwt_profile (#8092) 2024-06-12 06:42:50 +00:00
token_refresh.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_integration_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
userinfo.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00