TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-02 14:22:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
88213d785ab2ee0249ec54a7b453c484c02a7c53
zitadel/internal/domain
History
Yann Soubeyrand 88213d785a fix(oidc): accept localhost redirect URIs without path nor port (#10836) 
# Which Problems Are Solved

Some native OIDC applications use localhost without a path as redirect
URI. Currently, setting `http://localhost` as a redirect URI leads to a
compliance warning (`Redirect URIs must begin with your own protocol,
http://127.0.0.1, http://[::1] or http://localhost.`), while
`http://localhost/some/path` and `http://localhost:some-port` are
accepted).

# How the Problems Are Solved

This PR adds additional checks to accept `http://localhost`,
`http://127.0.0.1`, `http://[::1]` and `http://[0:0:0:0:0:0:0:1]` (their
counterpart with port and with path were already accepted).

---------

Co-authored-by: Marco Ardizzone <marco@zitadel.com>
2025-10-21 10:10:49 +00:00
..
federatedlogout
feat: federated logout for SAML IdPs (#9931)
2025-05-23 13:52:25 +02:00
mock
feat: App Keys API v2 (#10140)
2025-07-02 07:34:19 +00:00
schema
feat: add schema user create and remove (#8494)
2024-08-28 19:46:45 +00:00
testdata/fuzz/FuzzFromRefreshToken
fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374)
2024-08-02 08:38:37 +00:00
action.go
feat: actions v2 for functions (#9420)
2025-03-04 11:09:30 +00:00
application_api.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
application_key.go
application_oauth.go
feat(6222): remove @ and project from OIDC client ID (#8178)
2024-07-04 08:31:40 +00:00
application_oidc_test.go
fix(oidc): accept localhost redirect URIs without path nor port (#10836)
2025-10-21 10:10:49 +00:00
application_oidc.go
fix(oidc): accept localhost redirect URIs without path nor port (#10836)
2025-10-21 10:10:49 +00:00
application_saml.go
feat: App API v2 (#10077)
2025-06-27 17:25:44 +02:00
application.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
asset.go
auth_request_test.go
feat(oidc): id token for device authorization (#7088)
2023-12-20 13:21:08 +01:00
auth_request.go
feat: add PKCE option to generic OAuth2 / OIDC identity providers (#9373)
2025-02-26 12:20:47 +00:00
authn_key.go
browser_info.go
fix: correctly set user agent / fingerprint id on user sessions (#8231)
2024-07-03 09:43:34 +02:00
bucket.go
count_trigger.go
feat(projections): resource counters (#9979)
2025-06-03 14:15:30 +00:00
countparenttype_enumer.go
feat(projections): resource counters (#9979)
2025-06-03 14:15:30 +00:00
custom_login_text.go
fix: automatically link user without prompt (#8487)
2024-08-28 05:33:20 +00:00
custom_message_text.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
custom_text.go
debug_events.go
feat: add debug events API (#8533)
2024-09-11 08:24:00 +00:00
device_auth_test.go
feat(oidc): id token for device authorization (#7088)
2023-12-20 13:21:08 +01:00
device_auth.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
deviceauthstate_string.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
execution.go
feat: add action v2 execution on requests and responses (#7637)
2024-05-04 11:55:57 +02:00
expiration.go
factors.go
feature.go
fix: add action v2 execution to features (#7597)
2024-04-09 20:21:21 +03:00
flow.go
feat: actions v2 for functions (#9420)
2025-03-04 11:09:30 +00:00
group.go
feat(group): add group permissions (#10853)
2025-10-21 11:18:21 +02:00
human_address.go
human_email_test.go
human_email.go
human_otp.go
fix: import totp in add human user with secret (#7936)
2024-05-14 09:20:31 +02:00
human_password.go
feat(crypto): use passwap for machine and app secrets (#7657)
2024-04-05 09:35:49 +00:00
human_phone_test.go
human_phone.go
feat: Add Twilio Verification Service (#8678)
2024-09-26 09:14:33 +02:00
human_profile.go
human_test.go
human_web_auth_n.go
feat(notification): use event worker pool (#8962)
2024-11-27 15:01:17 +00:00
human.go
fix(import): add tracing spans to all import related functions (#8160)
2024-06-19 12:56:33 +02:00
idp_config.go
idp.go
Merge commit from fork
2025-05-02 13:44:24 +02:00
instance_domain.go
instance.go
key_pair.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
language.go
machine_key.go
fix: add expiration date information to service users keys (#7497)
2024-03-13 18:21:19 +00:00
machine.go
member.go
feat: user profile requests in resource APIs (#10151)
2025-07-04 18:12:59 +02:00
metadata.go
mfa.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
next_step.go
feat: invite user link (#8578)
2024-09-11 10:53:55 +00:00
notification.go
feat(notification): use event worker pool (#8962)
2024-11-27 15:01:17 +00:00
object.go
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
oidc_code_challenge.go
oidc_error_reason_test.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
oidc_error_reason.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
oidc_mapping_field.go
oidc_session.go
oidc_settings.go
oidcresponsemode_enumer.go
fix(oidc): store requested response_mode (#8145)
2024-06-17 09:50:12 +00:00
org_domain_test.go
org_domain.go
org.go
fix(org): adding unique constrants to not allow an org to be added twice with same id (#10243)
2025-07-16 10:07:12 +00:00
organization_settings.go
feat: organization settings for user uniqueness (#10246)
2025-07-29 15:56:21 +02:00
permission.go
feat(group): add group permissions (#10853)
2025-10-21 11:18:21 +02:00
policy_domain.go
policy_label_test.go
policy_label.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
policy_login_test.go
policy_login.go
fix(login): correct rendering of idps (#7151)
2024-01-05 14:35:51 +00:00
policy_mail_template.go
policy_password_age.go
policy_password_complexity.go
policy_password_lockout.go
feat: provide option to limit (T)OTP checks (#7693)
2024-04-10 09:14:55 +00:00
policy_privacy.go
feat(cnsl): docs link can be customized and custom button is available (#7840)
2024-05-13 16:01:50 +02:00
policy.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
project_grant_member.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
project_grant.go
feat: project v2beta resource API (#9742)
2025-05-21 14:40:47 +02:00
project_role.go
feat: project v2beta resource API (#9742)
2025-05-21 14:40:47 +02:00
project.go
provider.go
refactor: cleanup unused code (#7130)
2024-01-02 14:26:31 +00:00
refresh_token_test.go
fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374)
2024-08-02 08:38:37 +00:00
refresh_token.go
fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374)
2024-08-02 08:38:37 +00:00
request.go
fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874)
2025-10-09 10:29:49 +00:00
roles.go
feat: initial admin PAT has IAM_LOGIN_CLIENT (#10143)
2025-07-02 09:14:36 +00:00
saml_error_reason.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_request.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
saml_session.go
feat: add saml request to link to sessions (#9001)
2024-12-19 11:11:40 +00:00
search_method.go
secret_generator.go
feat: action v2 signing (#8779)
2024-11-28 10:06:52 +00:00
secretgeneratortype_enumer.go
feat(projections): resource counters (#9979)
2025-06-03 14:15:30 +00:00
session.go
fix: pass sessionID to OTP email link (#8745)
2024-10-10 13:53:32 +00:00
sms.go
smtp.go
feat: SMTP Templates (#6932)
2024-04-11 09:16:10 +02:00
target.go
perf(actionsv2): execution target router (#10564)
2025-09-01 07:21:10 +02:00
token_test.go
feat(oidc): organization roles scope (#8120)
2024-06-14 10:00:43 +02:00
token.go
feat(oidc): organization roles scope (#8120)
2024-06-14 10:00:43 +02:00
tokenreason_enumer.go
feat(oidc): token exchange impersonation (#7516)
2024-03-20 10:18:46 +00:00
url_template_test.go
url_template.go
feat(notification): use event worker pool (#8962)
2024-11-27 15:01:17 +00:00
user_agent_test.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
user_agent.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
user_grant.go
user_idp_link.go
user_schema.go
feat: implement user schema management (#7416)
2024-03-12 13:50:13 +00:00
user_v2_passkey_test.go
user_v2_passkey.go
user.go
fix(oidc): IDP and passwordless user auth methods (#7998)
2024-05-28 08:59:49 +00:00
web_key.go
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00