Tim Möhlmann

icon indicating a website link zitadel.com icon indicating an email [email protected]

icon company @Zitadel icon location Sibiu, Romania icon location Software engineer OIDC @zitadel

Results 284 comments of Tim Möhlmann

Automatic DNS updates for DKIM

I've been using lexicon as part of the https://github.com/adferrand/letsencrypt-dns Docker image and it works stable. The main problem we'll be facing is the provider specific API variables. They are not...

runtime: TestTSAN: fails with `signal handler spoils errno`

OS release info: ``` NAME="openSUSE Tumbleweed" # VERSION="20240302" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20240302" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" # CPE 2.3 format, boo#1217921 CPE_NAME="cpe:2.3:o:opensuse:tumbleweed:20240302:*:*:*:*:*:*:*" #CPE 2.2 format #CPE_NAME="cpe:/o:opensuse:tumbleweed:20240302" BUG_REPORT_URL="https://bugzilla.opensuse.org" SUPPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org" DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed" LOGO="distributor-logo-Tumbleweed"...

runtime: TestTSAN: fails with `signal handler spoils errno`

Path is non-standard because I need the go paths in there: ``` /home/tim/go/bin:/home/tim/Repositories/goroot/bin:/home/tim/.local/bin:/home/tim/bin:/usr/local/bin:/usr/bin:/bin ```

runtime: TestTSAN: fails with `signal handler spoils errno`

> Re: SIGWINCH, the only case I'm aware of using SIGWINCH are window managers when a window changes size. But do these systems even have a window manager? That might...

runtime: TestTSAN: fails with `signal handler spoils errno`

> Yeah, that's pretty weird. Maybe something in the builder changed and it now thinks it has a window manager?... Do the builders use some kind of terminal-to-web emulator that...

relay abuse through SRS

Pinging @kaiyou as apparently this was discussed on Matrix. Background: SRS was added recently on master: Mailu/Mailu#1349

JWT Profile Grant: return id_token if openid scope is set

@akaegi we did discuss this. But as the JWT profile grant already works without user interaction, there is no real `offline_access`. The app might as well just send a freshly...

JWT Profile Grant: return id_token if openid scope is set

I also understand your reasoning. However, we enforce the grant type on the token endpoint by OIDC client config. For `refresh_token` the OIDC config must contain that grant. In our...

JWT Profile Grant: return id_token if openid scope is set

It would fix it only for zitadel through the custom implementation of the `ClientCredentials` server method. Is that sufficient for the requested usecase?

JWT Profile Grant: return id_token if openid scope is set

@akaegi with the `urn:zitadel:iam:org:project:id:{projectid}:aud` scope you can add the entire project of the client into the audience, making it valid for that app. Would that solve your issue?