fix(deps): update module github.com/zitadel/oidc to v3.23.2 #2416

Merged
merged 2 commits into from
May 14, 2024


trap-renovate[bot]
Contributor

@trap-renovate trap-renovate bot commented May 8, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/zitadel/oidc | require | major | v1.13.5 -> v3.23.2 |

Release Notes

zitadel/oidc (github.com/zitadel/oidc)

v3.23.2

Compare Source

Bug Fixes
  • Omit non-standard, empty fields in RefreshTokenRequest when performing a token refresh (#​599) (5a84d8c)

v3.23.1

Compare Source

Bug Fixes

v3.23.0

Compare Source

Features
  • op: authorize callback handler as argument in legacy server registration (#​598) (37ca0e4)

v3.22.1

Compare Source

Bug Fixes

v3.22.0

Compare Source

Features
  • Added the ability to verify ID tokens using the value of id_token_signing_alg_values_supported retrieved from DiscoveryEndpoint (#​579) (68d4e08), closes #​574

v3.21.0

Compare Source

Features

v3.20.1

Compare Source

Bug Fixes

v3.20.0

Compare Source

Features
  • support verification_url workaround for DeviceAuthorizationResponse unmarshal (#​577) (e75a061)

v3.19.0

Compare Source

Features

v3.18.0

Compare Source

Features

v3.17.0

Compare Source

Features

v3.16.0

Compare Source

Features

v3.15.0

Compare Source

Features

v3.14.0

Compare Source

Features

v3.13.0

Compare Source

Features

v3.12.0

Compare Source

Features

v3.11.2

Compare Source

Bug Fixes

v3.11.1

Compare Source

Bug Fixes

v3.11.0

Compare Source

Features
  • op: split the access and ID token hint verifiers (#​525) (e9bd7d7)

v3.10.3

Compare Source

Bug Fixes

v3.10.2

Compare Source

Bug Fixes

v3.10.1

Compare Source

Bug Fixes

v3.10.0

Compare Source

Features

v3.9.1

Compare Source

Bug Fixes

v3.9.0

Compare Source

Features

v3.8.1

Compare Source

Bug Fixes
  • oidc: ignore unknown language tag in userinfo unmarshal (#​505) (dce79a7)

v3.8.0

Compare Source

Features

v3.7.0

Compare Source

Features

v3.6.0

Compare Source

Features
  • op: PKCE Verification in Legacy Server when AuthMethod is not NONE and CodeVerifier is not Empty (#​496) (9d12d1d)

v3.5.1

Compare Source

Bug Fixes

v3.5.0

Compare Source

Features

v3.4.0

Compare Source

Features
  • op: create a JWT profile with a keyset (f7a0f7c)
  • op: JWT profile verifier with keyset (a8ef8de)

v3.3.1

Compare Source

Bug Fixes

v3.3.0

Compare Source

Features

v3.2.1

Compare Source

Bug Fixes
  • op: export NewProvider to allow customized issuer (#​479) (d88c0ac)

v3.2.0

Compare Source

Features

v3.1.1

Compare Source

Bug Fixes

v3.1.0

Compare Source

Features

v3.0.3

Compare Source

Bug Fixes
  • op: terminate session from request in legacy server (#​465) (164c5b2)

v3.0.2

Compare Source

What's Changed

Full Changelog: zitadel/oidc@v3.0.1...v3.0.2

v3.0.1

Compare Source

Bug Fixes
  • op: return state in token response only for implicit flow (#​460) (0dc2a6e)

v3.0.0

Compare Source

Bug Fixes
chore
Features
BREAKING CHANGES
    • Just making sure v3 release is triggered.
  • rp: - rename RefreshAccessToken to RefreshToken
  • RefreshToken returns *oidc.Tokens instead of *oauth2.Token

This change allows the return of the id_token in an explicit manner,
as part of the oidc.Tokens struct.
The return type is now consistent with the CodeExchange function.

When an id_token is returned, it is verified.
In case no id_token was received,
RefreshTokens will not return an error.

As per specification:
https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse

Upon successful validation of the Refresh Token,
the response body is the Token Response of Section 3.1.3.3
except that it might not contain an id_token.

  • rp.Userinfo and rs.Introspect now require
    a type parameter.
    • The various verifier types are merged into a oidc.Verifier.
  • oidc.Verifier became a struct with exported fields
  • use type aliases for oidc.Verifier

this binds the correct constructor to each verifier usecase.

  • fix: handle the zero cases for oidc.Time

  • add unit tests to oidc verifier

  • fix: correct returned field for JWTTokenRequest

JWTTokenRequest.GetIssuedAt() was returning the ExpiresAt field.
This change corrects that by returning IssuedAt instead.

  • The returned router from op.CreateRouter() is now a chi.Router

v2.12.0

Compare Source

Features

v2.11.0

Compare Source

Features

v2.10.0

Compare Source

Features

v2.9.0

Compare Source

Features

v2.8.3

Compare Source

Bug Fixes

v2.8.2

Compare Source

Bug Fixes

v2.8.1

Compare Source

Bug Fixes

v2.8.0

Compare Source

Features

v2.7.0

Compare Source

Features

v2.6.4

Compare Source

Bug Fixes
  • client/rs: do not error when issuer discovery has no introspection endpoint (#​414) (406153a)

v2.6.3

Compare Source

Bug Fixes

v2.6.2

Compare Source

Bug Fixes

v2.6.1

Compare Source

Bug Fixes

v2.6.0

Compare Source

Features

v2.5.0

Compare Source

Features
  • rp.RefreshAccessToken() now may provide an updated IDToken (#​365) (f0d4659)

v2.4.0

Compare Source

Features

v2.3.0

Compare Source

Features

v2.2.6

Compare Source

Bug Fixes

v2.2.5

Compare Source

Bug Fixes
  • use Form instead of PostForm in ClientIDFromRequest (#​360) (c72aa8f)

v2.2.4

Compare Source

Bug Fixes
  • improve error handling when getting ClientIDFromRequest (#​359) (dc2bdc6)

v2.2.3

Compare Source

Bug Fixes

v2.2.2

Compare Source

Bug Fixes
  • do not modify userInfo when marshaling (e1d50fa)

v2.2.1

Compare Source

Bug Fixes

v2.2.0

Compare Source

Features

v2.1.2

Compare Source

Bug Fixes
  • correct returned field for JWTTokenRequest (a08ce50), closes #​283

v2.1.1

Compare Source

Bug Fixes
  • handle the zero cases for oidc.Time (115813e)

v2.1.0

Compare Source

Features

v2.0.0

Compare Source

Bug Fixes
chore
  • remove unused context in NewOpenIDProvider (4bd2b74)
Code Refactoring
Features
BREAKING CHANGES
  • The following types are changed from interface to struct type:
  • AccessTokenClaims
  • IDTokenClaims
  • IntrospectionResponse
  • UserInfo and related types.

The following methods of OPStorage now take a pointer to a struct type,
instead of an interface:

  • SetUserinfoFromScopes
  • SetUserinfoFromToken
  • SetIntrospectionFromToken

The following functions are now generic, so that type-safe extension
of Claims is now possible:

  • op.VerifyIDTokenHint

  • op.VerifyAccessToken

  • rp.VerifyTokens

  • rp.VerifyIDToken

  • Changed UserInfoAddress to pointer in UserInfo and
    IntrospectionResponse.
    This was needed to make omitempty work correctly.

  • Copy or merge maps in IntrospectionResponse and SetUserInfo

  • op: add example for VerifyAccessToken

  • fix: rp: wrong assignment in WithIssuedAtMaxAge

WithIssuedAtMaxAge assigned its value to v.maxAge, which was wrong.
This change fixes that by assigning the duration to v.maxAgeIAT.

  • rp: add VerifyTokens example

  • oidc: add standard references to:

  • IDTokenClaims
  • IntrospectionResponse
  • UserInfo
  • only count coverage for ./pkg/...
    • op.NewOpenIDProvider
  • op.NewDynamicOpenIDProvider

The call chain of above functions did not use the context anywhere.
This change removes the context from those function arguments.

  • op: The OpenID Provider package is now able to handle multiple issuers with a single storage implementation. The issuer will be selected from the host of the request and passed into the context, where every function can read it from if necessary. This results in some fundamental changes:
  • Configuration interface:
    • Issuer() string has been changed to IssuerFromRequest(r *http.Request) string
    • Insecure() bool has been added
  • OpenIDProvider interface and dependants:
    • Issuer has been removed from Config struct
    • NewOpenIDProvider now takes an additional parameter issuer and returns a pointer to the public/default implementation and not an OpenIDProvider interface:
      NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opOpts ...Option) (OpenIDProvider, error) changed to NewOpenIDProvider(ctx context.Context, issuer string, config *Config, storage Storage, opOpts ...Option) (*Provider, error)
    • therefore the parameter type Option changed to the public type as well: Option func(o *Provider) error
    • AuthCallbackURL(o OpenIDProvider) func(string) string has been changed to AuthCallbackURL(o OpenIDProvider) func(context.Context, string) string
    • IDTokenHintVerifier() IDTokenHintVerifier (Authorizer, OpenIDProvider, SessionEnder interfaces), AccessTokenVerifier() AccessTokenVerifier (Introspector, OpenIDProvider, Revoker, UserinfoProvider interfaces) and JWTProfileVerifier() JWTProfileVerifier (IntrospectorJWTProfile, JWTAuthorizationGrantExchanger, OpenIDProvider, RevokerJWTProfile interfaces) now take a context.Context parameter IDTokenHintVerifier(context.Context) IDTokenHintVerifier, AccessTokenVerifier(context.Context) AccessTokenVerifier and JWTProfileVerifier(context.Context) JWTProfileVerifier
    • OidcDevMode (CAOS_OIDC_DEV) environment variable check has been removed, use WithAllowInsecure() Option
  • Signing: the signer is not kept in memory anymore, but created on request from the loaded key:
    • Signer interface and func NewSigner have been removed
    • ReadySigner(s Signer) ProbesFn has been removed
    • CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfiguration has been changed to CreateDiscoveryConfig(r *http.Request, config Configuration, storage DiscoverStorage) *oidc.DiscoveryConfiguration
    • Storage interface:
      • GetSigningKey(context.Context, chan<- jose.SigningKey) has been changed to SigningKey(context.Context) (SigningKey, error)
      • KeySet(context.Context) ([]Key, error) has been added
      • GetKeySet(context.Context) (*jose.JSONWebKeySet, error) has been changed to KeySet(context.Context) ([]Key, error)
    • SigAlgorithms(s Signer) []string has been changed to SigAlgorithms(ctx context.Context, storage DiscoverStorage) []string
    • KeyProvider interface: GetKeySet(context.Context) (*jose.JSONWebKeySet, error) has been changed to KeySet(context.Context) ([]Key, error)
    • CreateIDToken: the Signer parameter has been removed
  • move example

  • fix examples

  • fix mocks

  • update readme

  • fix examples and update usage

  • update go module version to v2

  • build branch

  • fix(module): rename caos to zitadel

  • fix: add state in access token response (implicit flow)

  • fix: encode auth response correctly (when using query in redirect uri)

  • fix query param handling

  • feat: add all optional claims of the introspection response

  • fix: use default redirect uri when not passed


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@trap-renovate trap-renovate bot added renovate/gomod (Renovate) Pull requests related to go.mod update type/major (Renovate) Pull requests that update major version labels May 8, 2024
github-actions[bot]
github-actions bot previously approved these changes May 8, 2024
@trap-renovate trap-renovate bot force-pushed the renovate/github.com-zitadel-oidc-3.x branch from 0bfd422 to 6c74b48 Compare May 9, 2024 20:10
@trap-renovate trap-renovate bot force-pushed the renovate/github.com-zitadel-oidc-3.x branch from 6c74b48 to 4deac11 Compare May 10, 2024 20:14
@trap-renovate trap-renovate bot force-pushed the renovate/github.com-zitadel-oidc-3.x branch from 4deac11 to 485f827 Compare May 11, 2024 20:10
@trap-renovate trap-renovate bot force-pushed the renovate/github.com-zitadel-oidc-3.x branch from 485f827 to 590cb14 Compare May 13, 2024 20:10
github-actions[bot]
github-actions bot previously approved these changes May 13, 2024
@motoki317 motoki317 merged commit 82cf0d9 into master May 14, 2024
5 checks passed
@motoki317 motoki317 deleted the renovate/github.com-zitadel-oidc-3.x branch May 14, 2024 05:42