TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-23 15:36:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c3a3766445d07040f6d4e74d42c98ffa8977f948
zitadel/internal/api/oidc/integration_test
History
Livio Spring 8a3b5848dc fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874) 
# Which Problems Are Solved

#9861 added a `urn:zitadel:iam:org:projects:roles` claims to include all
roles from all requested roles. The intention was to return them on the
userinfo endpoint. But since the claims might also be returned in the id
and access tokens, they can grow big quite fast and break the size
limits for headers.

# How the Problems Are Solved

This PR revert the feature. The information for roles of other projects
is already available as a dedicated claim (for each project):
```json
  "urn:zitadel:iam:org:project:328813096124547391:roles": {
    "r2": {
      "306639557921669515": "zitadel.localhost"
    },
    "r3": {
      "306639557921669515": "zitadel.localhost"
    },
    "role": {
      "306639557921669515": "zitadel.localhost"
    }
  },
  "urn:zitadel:iam:org:project:341406882914631999:roles": {
    "role": {
      "306639557921669515": "zitadel.localhost",
      "328237605990695334": "aa.localhost"
    },
    "test": {
      "306639557921669515": "zitadel.localhost",
      "328237605990695334": "aa.localhost"
    }
  },
  "urn:zitadel:iam:org:project:roles": {
    "r2": {
      "306639557921669515": "zitadel.localhost"
    },
    "r3": {
      "306639557921669515": "zitadel.localhost"
    },
    "role": {
      "306639557921669515": "zitadel.localhost"
    }
  }
 ```

# Additional Changes

None

# Additional Context

- relates to #9861
- noted issues in production
- requires backport to v4.x

(cherry picked from commit b8bff3cdea)
2025-10-09 15:37:37 +02:00
..
auth_request_test.go
feat(OIDC): handle logout hint on end_session_endpoint (#10039)
2025-07-28 13:55:55 +00:00
client_test.go
chore: move gofakeit integration testing calls (#10684)
2025-09-12 10:45:18 +02:00
keys_test.go
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
oidc_test.go
chore: move gofakeit integration testing calls (#10684)
2025-09-12 10:45:18 +02:00
server_test.go
chore: remove parallel running in integration tests (#8904)
2024-11-27 15:32:13 +01:00
token_client_credentials_test.go
chore: move gofakeit integration testing calls (#10684)
2025-09-12 10:45:18 +02:00
token_device_test.go
chore: move gofakeit integration testing calls (#10684)
2025-09-12 10:45:18 +02:00
token_exchange_test.go
chore(oidc): remove legacy storage methods (#10061)
2025-06-26 08:08:37 +00:00
token_jwt_profile_test.go
fix(oauth): check key expiry on JWT Profile Grant
2025-03-31 12:49:56 +02:00
userinfo_test.go
fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874)
2025-10-09 15:37:37 +02:00