zitadel/internal/api
Livio Spring 4c83493ad2
fix: user grants deactivation (#8634)
# Which Problems Are Solved

ZITADEL's user grants deactivation mechanism did not work correctly.
Deactivated user grants were still provided in token, which could lead
to unauthorized access to applications and resources.
Additionally, the management and auth API always returned the state as
active or did not provide any information about the state.

# How the Problems Are Solved

- Correctly check the user grant state on active for tokens and user
information (userinfo, introspection, saml attributes)
- Map state in API and display in Console

(cherry picked from commit ca1914e235)
2024-09-17 15:35:36 +02:00
..
assets feat: trusted (instance) domains (#8369) 2024-07-31 18:00:38 +03:00
authz fix: race condition in system jwt signature check (#8618) 2024-09-13 17:18:37 +02:00
call fix: reset the call timestamp after a bulk trigger (#6080) 2023-07-07 08:15:05 +00:00
grpc fix: user grants deactivation (#8634) 2024-09-17 15:35:36 +02:00
http feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
idp chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
info fix: correct method and path for session api activity (#6880) 2023-11-22 12:12:23 +02:00
oidc fix: user grants deactivation (#8634) 2024-09-17 15:35:36 +02:00
robots_txt fix: introduce measures to avoid bots crawling and indexing activities (#5728) 2023-05-05 10:25:02 +02:00
saml fix: user grants deactivation (#8634) 2024-09-17 15:35:36 +02:00
service fix(eventstore): tests 2020-11-26 09:19:14 +01:00
ui feat: invite user link (#8578) 2024-09-11 10:53:55 +00:00
api.go feat: trusted (instance) domains (#8369) 2024-07-31 18:00:38 +03:00