mirrors/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel synced 2024-11-22 08:49:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
2243306ef6
zitadel/console
History
Livio Spring ec222a13d7
fix(oidc): IDP and passwordless user auth methods (#7998) 
# Which Problems Are Solved

As already mentioned and (partially) fixed in #7992 we discovered,
issues with v2 tokens that where obtained through an IDP, with
passwordless authentication or with password authentication (wihtout any
2FA set up) using the v1 login for zitadel API calls
- (Previous) authentication through an IdP is now correctly treated as
auth method in case of a reauth even when the user is not redirected to
the IdP
- There were some cases where passwordless authentication was
successfully checked but not correctly set as auth method, which denied
access to ZITADEL API
- Users with password and passwordless, but no 2FA set up which
authenticate just wich password can access the ZITADEL API again

Additionally while testing we found out that because of #7969 the login
UI could completely break / block with the following error:
`sql: Scan error on column index 3, name "state": converting NULL to
int32 is unsupported (Internal)`
# How the Problems Are Solved

- IdP checks are treated the same way as other factors and it's ensured
that a succeeded check within the configured timeframe will always
provide the idp auth method
- `MFATypesAllowed` checks for possible passwordless authentication
- As with the v1 login, the token check now only requires MFA if the
policy is set or the user has 2FA set up
- UserAuthMethodsRequirements now always uses the correctly policy to
check for MFA enforcement
- `State` column is handled as nullable and additional events set the
state to active (as before #7969)

# Additional Changes

- Console now also checks for 403 (mfa required) errors (e.g. after
setting up the first 2FA in console) and redirects the user to the login
UI (with the current id_token as id_token_hint)
- Possible duplicates in auth methods / AMRs are removed now as well.

# Additional Context

- Bugs were introduced in #7822 and # and 7969 and only part of a
pre-release.
- partially already fixed with #7992
- Reported internally.
2024-05-28 08:59:49 +00:00
..
src fix(oidc): IDP and passwordless user auth methods (#7998) 2024-05-28 08:59:49 +00:00
.editorconfig
.eslintrc.js
.gitignore
.prettierignore
.prettierrc
angular.json refactor: copy only required frameworks icons from docs in console (#7538) 2024-03-11 08:33:05 +00:00
buf.gen.yaml
karma.conf.js
ngsw-config.json
package.json feat(console): integrate app (#7417) 2024-02-28 16:52:21 +00:00
prebuild.development.js
README.md
tsconfig.app.json
tsconfig.json feat(console): integrate app (#7417) 2024-02-28 16:52:21 +00:00
tsconfig.spec.json
yarn.lock feat: provide option to limit (T)OTP checks (#7693) 2024-04-10 09:14:55 +00:00

README.md

Console

This project was generated with Angular CLI version 8.3.20.

Development server

Run ng serve for a dev server. Navigate to http://localhost:4200/. The app will automatically reload if you change any of the source files.

Code scaffolding

Run ng generate component component-name to generate a new component. You can also use ng generate directive|pipe|service|class|guard|interface|enum|module.

Build

Run ng build to build the project. The build artifacts will be stored in the dist/ directory. Use the --prod flag for a production build.

Running unit tests

Run ng test to execute the unit tests via Karma.

Running end-to-end tests

Please refer to the contributing guide

Further help

To get more help on the Angular CLI use ng help or go check out the Angular CLI README.