oidc
feat(op): dynamic issuer depending on request / host
BREAKING CHANGE: The OpenID Provider package is now able to handle multiple issuers with a single storage implementation. The issuer will be selected from the host of the request and passed into the context, where every function can read it from if necessary. This results in some fundamental changes:
- Configuration interface:
  - `Issuer() string` has been changed to `IssuerFromRequest(r *http.Request) string`
  - `Insecure() bool` has been added
- OpenIDProvider interface and dependants:
  - `Issuer` has been removed from the Config struct
  - `NewOpenIDProvider` now takes an additional parameter `issuer` and returns a pointer to the public/default implementation and not an OpenIDProvider interface: `NewOpenIDProvider(ctx context.Context, config *Config, storage Storage, opOpts ...Option) (OpenIDProvider, error)` changed to `NewOpenIDProvider(ctx context.Context, issuer string, config *Config, storage Storage, opOpts ...Option) (*Provider, error)`
    - therefore the parameter type Option changed to the public type as well: `Option func(o *Provider) error`
  - `AuthCallbackURL(o OpenIDProvider) func(string) string` has been changed to `AuthCallbackURL(o OpenIDProvider) func(context.Context, string) string`
  - `IDTokenHintVerifier() IDTokenHintVerifier` (Authorizer, OpenIDProvider, SessionEnder interfaces), `AccessTokenVerifier() AccessTokenVerifier` (Introspector, OpenIDProvider, Revoker, UserinfoProvider interfaces) and `JWTProfileVerifier() JWTProfileVerifier` (IntrospectorJWTProfile, JWTAuthorizationGrantExchanger, OpenIDProvider, RevokerJWTProfile interfaces) now take a context.Context parameter: `IDTokenHintVerifier(context.Context) IDTokenHintVerifier`, `AccessTokenVerifier(context.Context) AccessTokenVerifier` and `JWTProfileVerifier(context.Context) JWTProfileVerifier`
  - `OidcDevMode` (`CAOS_OIDC_DEV`) environment variable check has been removed, use the `WithAllowInsecure()` Option
- Signing: the signer is not kept in memory anymore, but created on request from the loaded key:
  - `Signer` interface and func `NewSigner` have been removed
  - `ReadySigner(s Signer) ProbesFn` has been removed
  - `CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfiguration` has been changed to `CreateDiscoveryConfig(r *http.Request, config Configuration, storage DiscoverStorage) *oidc.DiscoveryConfiguration`
  - `Storage` interface:
    - `GetSigningKey(context.Context, chan<- jose.SigningKey)` has been changed to `SigningKey(context.Context) (SigningKey, error)`
    - `KeySet(context.Context) ([]Key, error)` has been added
    - `GetKeySet(context.Context) (*jose.JSONWebKeySet, error)` has been changed to `KeySet(context.Context) ([]Key, error)`
  - `SigAlgorithms(s Signer) []string` has been changed to `SigAlgorithms(ctx context.Context, storage DiscoverStorage) []string`
  - `KeyProvider` interface:
    - `GetKeySet(context.Context) (*jose.JSONWebKeySet, error)` has been changed to `KeySet(context.Context) ([]Key, error)`
  - `CreateIDToken`: the Signer parameter has been removed
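The host-based issuer selection this PR describes, as an added illustration that is not code from the PR or the zitadel/oidc library: a Configuration-style type with `IssuerFromRequest` and `Insecure`, a pair of context helpers, and a middleware that resolves the issuer once and passes it into the request context. `HostConfig`, `AllowedHosts`, `ContextWithIssuer`, `IssuerFromContext` and `IssuerMiddleware` are assumed names, and the allow-list check is an added safeguard so that only a configured host, never an arbitrary Host header value, can become the issuer.

```go
package main

import (
	"context"
	"net/http"
	"strings"
)

type issuerKey struct{} // private context key; an assumption, not the library's own
// HostConfig stands in for the PR's Configuration (IssuerFromRequest, Insecure).
// AllowedHosts is an added safeguard: only a configured host may become the issuer.
type HostConfig struct {
	AllowedHosts map[string]bool // host[:port] values, lower-case, exact match
	AllowPlain   bool            // Insecure(): allow http:// issuers, dev setups only
}

func (c *HostConfig) Insecure() bool { return c.AllowPlain }
// IssuerFromRequest selects the issuer from the request host; "" means unknown host.
func (c *HostConfig) IssuerFromRequest(r *http.Request) string {
	host := strings.ToLower(r.Host)
	if !c.AllowedHosts[host] {
		return ""
	}
	if c.Insecure() {
		return "http://" + host
	}
	return "https://" + host
}

// ContextWithIssuer and IssuerFromContext carry the selected issuer through the context.
func ContextWithIssuer(ctx context.Context, iss string) context.Context {
	return context.WithValue(ctx, issuerKey{}, iss)
}

func IssuerFromContext(ctx context.Context) string {
	iss, _ := ctx.Value(issuerKey{}).(string)
	return iss
}

// IssuerMiddleware resolves the issuer once per request, rejects unknown hosts,
// and hands the issuer to the wrapped handler via the request context.
func IssuerMiddleware(c *HostConfig, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		iss := c.IssuerFromRequest(r)
		if iss == "" {
			http.Error(w, "unknown issuer host", http.StatusNotFound)
			return
		}
		next.ServeHTTP(w, r.WithContext(ContextWithIssuer(r.Context(), iss)))
	})
}
```

Downstream code such as discovery or token issuance then reads `IssuerFromContext(r.Context())` instead of recomputing the issuer from the request.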
Codecov Report
Merging #173 (3e6ea03) into main (885fe0d) will increase coverage by 4.69%. The diff coverage is 29.69%.

```diff
@@            Coverage Diff             @@
##             main     #173      +/-   ##
==========================================
+ Coverage   12.77%   17.47%   +4.69%
==========================================
  Files          39       41       +2
  Lines        2927     3119     +192
==========================================
+ Hits          374      545     +171
- Misses       2543     2561      +18
- Partials       10       13       +3
```
| Impacted Files | Coverage Δ | |
|---|---|---|
| pkg/http/http.go | 0.00% <0.00%> (ø) | |
| pkg/oidc/code_challenge.go | 0.00% <ø> (ø) | |
| pkg/oidc/introspection.go | 0.00% <0.00%> (ø) | |
| pkg/oidc/token.go | 0.00% <ø> (ø) | |
| pkg/oidc/token_request.go | 0.00% <ø> (ø) | |
| pkg/oidc/verifier.go | 0.00% <ø> (ø) | |
| pkg/op/client.go | 100.00% <ø> (ø) | |
| pkg/op/crypto.go | 0.00% <ø> (ø) | |
| pkg/op/error.go | 0.00% <ø> (ø) | |
| pkg/op/op.go | 0.00% <0.00%> (ø) | |
| ... and 25 more | | |
Closing in favor of #278