Tim Möhlmann

icon indicating a website link zitadel.com icon indicating an email [email protected]

icon company @Zitadel icon location Sibiu, Romania icon location Software engineer OIDC @zitadel

Results 284 comments of Tim Möhlmann

Access token response is not compliant with OAuth 2.0 (RFC 6749)

@isegura-eos-eng Yes, you are right it should't take much to add it to the struct. @livio-a this feels like a Deja Vu. Wasn't there already an issue, fix or discussion...

Access token response is not compliant with OAuth 2.0 (RFC 6749)

Found it: https://github.com/zitadel/zitadel/issues/6609 At the time someone volunteered for a fix, but went silent. @isegura-eos-eng do you want to send a PR for this?

Access token response is not compliant with OAuth 2.0 (RFC 6749)

@isegura-eos-eng validation of scope is done early in the [`Authorize`](https://pkg.go.dev/github.com/zitadel/oidc/v3/pkg/op#Authorize) handler. The invalid scopes are silently dropped. https://github.com/zitadel/oidc/blob/5ae555e19136066760d02e10af451464c6a3e3c8/pkg/op/auth_request.go#L268-L286 The token endpoint has no access to the originally requested scope. For...

Access token response is not compliant with OAuth 2.0 (RFC 6749)

> Then it's pretty straight forward. I've never done a PR in this project, any tips @muhlemmer ? Contribution guidelines are here: https://github.com/zitadel/oidc/blob/main/CONTRIBUTING.md > And another question: To build the...