TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-23 14:37:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da63abd1ad2bb922208c38d91f9d0384b3ece25c
zitadel/internal/api/oidc
History
Livio Spring b8bff3cdea fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874) 
# Which Problems Are Solved

#9861 added a `urn:zitadel:iam:org:projects:roles` claims to include all
roles from all requested roles. The intention was to return them on the
userinfo endpoint. But since the claims might also be returned in the id
and access tokens, they can grow big quite fast and break the size
limits for headers.

# How the Problems Are Solved

This PR revert the feature. The information for roles of other projects
is already available as a dedicated claim (for each project):
```json
  "urn:zitadel:iam:org:project:328813096124547391:roles": {
    "r2": {
      "306639557921669515": "zitadel.localhost"
    },
    "r3": {
      "306639557921669515": "zitadel.localhost"
    },
    "role": {
      "306639557921669515": "zitadel.localhost"
    }
  },
  "urn:zitadel:iam:org:project:341406882914631999:roles": {
    "role": {
      "306639557921669515": "zitadel.localhost",
      "328237605990695334": "aa.localhost"
    },
    "test": {
      "306639557921669515": "zitadel.localhost",
      "328237605990695334": "aa.localhost"
    }
  },
  "urn:zitadel:iam:org:project:roles": {
    "r2": {
      "306639557921669515": "zitadel.localhost"
    },
    "r3": {
      "306639557921669515": "zitadel.localhost"
    },
    "role": {
      "306639557921669515": "zitadel.localhost"
    }
  }
 ```

# Additional Changes

None

# Additional Context

- relates to #9861 
- noted issues in production
- requires backport to v4.x
2025-10-09 10:29:49 +00:00
..
integration_test
fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874)
2025-10-09 10:29:49 +00:00
access_token.go
chore(oidc): remove feature flag for introspection triggers (#10132)
2025-06-30 05:48:04 +00:00
amr_test.go
feat(oidc): token exchange impersonation (#7516)
2024-03-20 10:18:46 +00:00
amr.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
auth_request_converter_test.go
fix(oidc): prompts slice conversion function returns slice which contains unexpected empty strings (#8997)
2024-12-04 20:56:36 +00:00
auth_request_converter_v2.go
fix(oidc): store requested response_mode (#8145)
2024-06-17 09:50:12 +00:00
auth_request_converter.go
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
auth_request_test.go
feat(OIDC): handle logout hint on end_session_endpoint (#10039)
2025-07-28 13:55:55 +00:00
auth_request.go
feat(OIDC): handle logout hint on end_session_endpoint (#10039)
2025-07-28 13:55:55 +00:00
client_converter.go
feat: specify login UI version on instance and apps (#9071)
2024-12-19 10:37:46 +01:00
client_credentials.go
fix: remove legacy events (#10464)
2025-08-19 15:22:34 +02:00
client.go
fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874)
2025-10-09 10:29:49 +00:00
device_auth.go
chore(oidc): remove legacy storage methods (#10061)
2025-06-26 08:08:37 +00:00
error_test.go
fix: uniform oidc errors (#7237)
2024-01-18 07:10:49 +01:00
error.go
chore: update dependencies (#9784)
2025-05-19 10:16:49 +00:00
introspect.go
feat: actions context information add clientID (#10339)
2025-07-29 00:08:12 +02:00
jwt-profile.go
chore(oidc): remove legacy storage methods (#10061)
2025-06-26 08:08:37 +00:00
key_test.go
feat(oidc): use web keys for token signing and verification (#8449)
2024-08-23 14:43:46 +02:00
key.go
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
op.go
perf(actionsv2): execution target router (#10564)
2025-09-01 07:21:10 +02:00
server_test.go
chore(oidc): graduate webkey to stable (#10122)
2025-06-26 19:17:45 +03:00
server.go
fix(oidc): ignore invalid id_token_hints (#10682)
2025-09-10 06:25:25 +00:00
token_client_credentials.go
fix(oidc): do not return access token for response type id_token (#8777)
2024-11-12 15:20:48 +00:00
token_code.go
fix(OIDC): back channel logout work for custom UI (#9487)
2025-03-11 14:19:09 +00:00
token_device.go
fix(OIDC): back channel logout work for custom UI (#9487)
2025-03-11 14:19:09 +00:00
token_exchange_converter.go
perf(oidc): optimize token creation (#7822)
2024-05-16 07:07:56 +02:00
token_exchange.go
feat: actions context information add clientID (#10339)
2025-07-29 00:08:12 +02:00
token_jwt_profile.go
fix(oidc): do not return access token for response type id_token (#8777)
2024-11-12 15:20:48 +00:00
token_refresh.go
fix(oidc): do not return access token for response type id_token (#8777)
2024-11-12 15:20:48 +00:00
token.go
feat: actions context information add clientID (#10339)
2025-07-29 00:08:12 +02:00
userinfo_test.go
fix(oidc): always set sub claim (#8598)
2024-09-12 12:36:33 +00:00
userinfo.go
fix: Revert "feat(oidc): Added new claim in userinfo response to return all requested audience roles (#9861)" (#10874)
2025-10-09 10:29:49 +00:00