TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 19:44:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
9ec9ad4314
zitadel/internal/api/oidc
History
Livio Spring 9ec9ad4314
feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 
# Which Problems Are Solved

id_tokens issued for auth requests created through the login UI
currently do not provide a sid claim.
This is due to the fact that (SSO) sessions for the login UI do not have
one and are only computed by the userAgent(ID), the user(ID) and the
authentication checks of the latter.

This prevents client to track sessions and terminate specific session on
the end_session_endpoint.

# How the Problems Are Solved

- An `id` column is added to the `auth.user_sessions` table.
- The `id` (prefixed with `V1_`) is set whenever a session is added or
updated to active (from terminated)
- The id is passed to the `oidc session` (as v2 sessionIDs), to expose
it as `sid` claim

# Additional Changes

- refactored `getUpdateCols` to handle different column value types and
add arguments for query

# Additional Context

- closes #8499 
- relates to #8501
2024-09-03 13:19:00 +00:00
..
access_token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
amr_test.go feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
amr.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
auth_request_converter_test.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter_v2.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_converter.go fix(oidc): store requested response_mode (#8145) 2024-06-17 09:50:12 +00:00
auth_request_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
auth_request.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
client_converter.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_credentials.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
client_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
client.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
device_auth.go fix: provide device auth config (#8419) 2024-08-12 12:55:07 +03:00
error_test.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
error.go fix(oidc): return bad request for base64 errors (#7730) 2024-04-09 08:42:59 +02:00
introspect.go fix(oidc): don't push introspection client events (#8481) 2024-08-28 18:19:50 +00:00
jwt-profile.go fix: uniform oidc errors (#7237) 2024-01-18 07:10:49 +01:00
key_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
key.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
keys_integration_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
oidc_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
op.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server_integration_test.go chore(oidc): add refresh token error integration test (#7766) 2024-04-17 08:38:03 +00:00
server_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
server.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
token_client_credentials_integration_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
token_client_credentials.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_code.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_device.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00
token_exchange_converter.go perf(oidc): optimize token creation (#7822) 2024-05-16 07:07:56 +02:00
token_exchange_integration_test.go feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
token_exchange.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_jwt_profile_integration_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
token_jwt_profile.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token_refresh.go feat(oidc): sid claim for id_tokens issued through login V1 (#8525) 2024-09-03 13:19:00 +00:00
token.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_integration_test.go feat(oidc): use web keys for token signing and verification (#8449) 2024-08-23 14:43:46 +02:00
userinfo_test.go fix(oidc): respect role assertion and idTokenInfo flags and trigger preAccessToken trigger (#8046) 2024-05-31 10:10:18 +00:00
userinfo.go feat(oidc): allow returning of parent errors to client (#8376) 2024-08-20 06:45:24 +00:00