TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-14 11:58:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
5b40af79f0
zitadel/internal/api/oidc
History
Livio Spring 5b40af79f0
fix: correctly check user state (#8631) 
# Which Problems Are Solved

ZITADEL's user account deactivation mechanism did not work correctly
with service accounts. Deactivated service accounts retained the ability
to request tokens, which could lead to unauthorized access to
applications and resources.

# How the Problems Are Solved

Additionally to checking the user state on the session API and login UI,
the state is checked on all oidc session methods resulting in a new
token or when returning the user information (userinfo, introspection,
id_token / access_token and saml attributes)
2024-09-17 13:21:49 +00:00
..
integration_test fix: correctly check user state (#8631) 2024-09-17 13:21:49 +00:00
access_token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
amr_test.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
amr.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
auth_request_converter_test.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter_v2.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request.go feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
client_converter.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_credentials.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
client.go fix: correctly check user state (#8631) 2024-09-17 13:21:49 +00:00
device_auth.go fix: provide device auth config (#8419) 2024-08-12 12:55:07 +03:00
error_test.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
error.go fix(oidc): return bad request for base64 errors (#7730) 2024-04-09 08:42:59 +02:00
introspect.go fix: correctly check app state on authentication (#8630) 2024-09-17 11:34:14 +00:00
jwt-profile.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
key_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
key.go fix(eventstore): precise decimal (#8527) 2024-09-06 12:19:19 +03:00
op.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server_test.go chore(tests): use a coverage server binary (#8407) 2024-09-06 14:47:57 +02:00
server.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
token_client_credentials.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
token_code.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_device.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_exchange_converter.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
token_exchange.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_jwt_profile.go perf(oidc): remove get user by ID from jwt profile grant (#8580) 2024-09-11 12:04:09 +03:00
token_refresh.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_test.go fix(oidc): always set sub claim (#8598) 2024-09-12 12:36:33 +00:00
userinfo.go fix: correctly check user state (#8631) 2024-09-17 13:21:49 +00:00