TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 20:08:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
4c83493ad2
zitadel/internal/api/oidc
History
Livio Spring 4c83493ad2
fix: user grants deactivation (#8634) 
# Which Problems Are Solved

ZITADEL's user grants deactivation mechanism did not work correctly.
Deactivated user grants were still provided in token, which could lead
to unauthorized access to applications and resources.
Additionally, the management and auth API always returned the state as
active or did not provide any information about the state.

# How the Problems Are Solved

- Correctly check the user grant state on active for tokens and user
information (userinfo, introspection, saml attributes)
- Map state in API and display in Console

(cherry picked from commit ca1914e235)
2024-09-17 15:35:36 +02:00
..
integration_test fix: correctly check app state on authentication (#8630) 2024-09-17 15:35:32 +02:00
access_token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
amr_test.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
amr.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
auth_request_converter_test.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter_v2.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request.go feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
client_converter.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_credentials.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
client.go fix: user grants deactivation (#8634) 2024-09-17 15:35:36 +02:00
device_auth.go fix: provide device auth config (#8419) 2024-08-12 12:55:07 +03:00
error_test.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
error.go fix(oidc): return bad request for base64 errors (#7730) 2024-04-09 08:42:59 +02:00
introspect.go fix: correctly check app state on authentication (#8630) 2024-09-17 15:35:32 +02:00
jwt-profile.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
key_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
key.go fix(eventstore): precise decimal (#8527) 2024-09-06 12:19:19 +03:00
op.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server_test.go chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
server.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
token_client_credentials.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
token_code.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_device.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_exchange_converter.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
token_exchange.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_jwt_profile.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
token_refresh.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_test.go fix(oidc): always set sub claim (#8598) 2024-09-12 12:36:33 +00:00
userinfo.go fix(oidc): always set sub claim (#8598) 2024-09-12 12:36:33 +00:00