Merge branch 'main' into query-side-view

.github/workflows/zitadel.yml

@@ -335,3 +335,12 @@ jobs:
           prerelease: true
           draft: false
           allowUpdates: true
+      - uses: actions/checkout@v2
+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+        with:
+          version: ${{ steps.semantic.outputs.new_release_version }}

console/README.md

@@ -25,3 +25,4 @@ Run `ng e2e` to execute the end-to-end tests via [Protractor](http://www.protrac
 ## Further help
 
 To get more help on the Angular CLI use `ng help` or go check out the [Angular CLI README](https://github.com/angular/angular-cli/blob/master/README.md).
+

console/angular.json

@@ -89,7 +89,7 @@
                   "maximumError": "10kb"
                 }
               ],
-              "serviceWorker": true,
+              "serviceWorker": false,
               "ngswConfigPath": "ngsw-config.json"
             },
             "development": {}

console/src/app/app.module.ts

@@ -28,7 +28,6 @@ import { RegExpPipeModule } from 'src/app/pipes/regexp-pipe/regexp-pipe.module';
 import { AssetService } from 'src/app/services/asset.service';
 import { SubscriptionService } from 'src/app/services/subscription.service';
 
-import { environment } from '../environments/environment';
 import { AppRoutingModule } from './app-routing.module';
 import { AppComponent } from './app.component';
 import { HasRoleModule } from './directives/has-role/has-role.module';
@@ -128,7 +127,7 @@ const authConfig: AuthConfig = {
     MatDialogModule,
     RegExpPipeModule,
     OnboardingModule,
-    ServiceWorkerModule.register('ngsw-worker.js', { enabled: environment.production }),
+    ServiceWorkerModule.register('ngsw-worker.js', { enabled: false }),
   ],
   providers: [
     ThemeService,

console/src/app/modules/policies/login-policy/login-policy.component.html

@@ -150,7 +150,7 @@ <h3 class="subheader">{{ 'MFA.LIST.MULTIFACTORTITLE' | translate }}</h3>
         </ng-container>
         <app-mfa-table [service]="service" [serviceType]="serviceType"
             [componentType]="LoginMethodComponentType.MultiFactor"
-            [disabled]="(([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false) || ((['login_policy.factors'] | hasFeature | async) == false)">
+            [disabled]="(([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false) || (serviceType == PolicyComponentServiceType.MGMT && (['login_policy.factors'] | hasFeature | async) == false)">
         </app-mfa-table>
 
         <h3 class="subheader">{{ 'MFA.LIST.SECONDFACTORTITLE' | translate }}</h3>
@@ -162,7 +162,7 @@ <h3 class="subheader">{{ 'MFA.LIST.SECONDFACTORTITLE' | translate }}</h3>
         </ng-container>
         <app-mfa-table [service]="service" [serviceType]="serviceType"
             [componentType]="LoginMethodComponentType.SecondFactor"
-            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false || (['login_policy.factors'] | hasFeature | async) == false">
+            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false || (serviceType == PolicyComponentServiceType.MGMT && (['login_policy.factors'] | hasFeature | async) == false)">
         </app-mfa-table>
     </ng-container>
 
@@ -197,7 +197,7 @@ <h3 class="subheader">{{'LOGINPOLICY.IDPS' | translate}}</h3>
                 </div>
             </div>
         </div>
-        <div *ngIf="!disabled && (serviceType == PolicyComponentServiceType.MGMT && (['login_policy.idp'] | hasFeature | async))"
+        <div *ngIf="!disabled && ((serviceType == PolicyComponentServiceType.MGMT && (['login_policy.idp'] | hasFeature | async)) || serviceType == PolicyComponentServiceType.ADMIN)"
             class="new-idp" (click)="openDialog()" matRipple>
             <mat-icon>add</mat-icon>
         </div>
@@ -214,7 +214,7 @@ <h3 class="subheader">{{'LOGINPOLICY.IDPS' | translate}}</h3>
                 <i class="lab la-gitlab"></i>
             </div>
             <app-idp-table [service]="service" [serviceType]="serviceType"
-                [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.idp.write' : serviceType == PolicyComponentServiceType.MGMT ? 'org.idp.write' : ''] | hasRole | async) == false || (['login_policy.idp'] | hasFeature | async) == false">
+                [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.idp.write' : serviceType == PolicyComponentServiceType.MGMT ? 'org.idp.write' : ''] | hasRole | async) == false || ((serviceType == PolicyComponentServiceType.MGMT && (['login_policy.idp'] | hasFeature | async) == false))">
             </app-idp-table>
         </app-card>
     </ng-template>

console/src/app/pages/projects/apps/app-detail/app-detail.component.html

@@ -259,7 +259,7 @@ <h3 class="full-width section-title">{{'APP.OIDC.REDIRECTSECTIONTITLE' | transla
                         </mat-select>
                     </cnsl-form-field>
 
-                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDCTOKENTYPE_JWT" class="full-width"
+                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDC_TOKEN_TYPE_JWT" class="full-width"
                         formControlName="accessTokenRoleAssertion" color="primary">
                         {{'APP.OIDC.ACCESSTOKENROLEASSERTION' | translate}}</mat-checkbox>
 

console/src/assets/i18n/de.json

@@ -907,7 +907,7 @@
       "SELECTGROUPTOOLTIP": "Wähle alle Rollen der Gruppe {{group}} aus.",
       "OPTIONS": "Optionen",
       "ASSERTION": "Rollen bei Authentisierung mitschicken",
-      "ASSERTION_DESCRIPTION": "Rolleninformationen werden der Authentisierung per Token, UserInfo Endpoint oder anderen Methoden bereitgestellt, die in Applikationseinstellungen definiert sind.",
+      "ASSERTION_DESCRIPTION": "Rolleninformationen werden auf dem UserInfo Endpoint oder je nach Applikationseinstellungen in Tokens oder anderen Methoden bereitgestellt.",
       "CHECK": "Rollen bei Authentisierung prüfen",
       "CHECK_DESCRIPTION": "Ist das Attribut gesetzt, kann ein Benutzer nur mit einem entsprechenden Rolle authentifiziert werden."
     },
@@ -1172,9 +1172,9 @@
       "OVERVIEWSECTION": "Übersicht",
       "OVERVIEWTITLE": "Deine Konfiguration ist bereit. Du kannst sie hier nochmals prüfen.",
       "ACCESSTOKENROLEASSERTION": "Benutzerrollen dem Access Token hinzufügen",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
       "IDTOKENROLEASSERTION": "Benutzerrollen im ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Id Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem ID Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
       "IDTOKENUSERINFOASSERTION": "User Info im ID Token",
       "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Ermöglich OIDC clients claims von profile, email, phone und address direkt vom ID Token zu beziehen.",
       "CLOCKSKEW": "ermöglicht Clients, den Taktversatz von OP und Client zu verarbeiten. Die Dauer (0-5s) wird der exp addiert und von iats, auth_time und nbf abgezogen.",

console/src/assets/i18n/en.json

@@ -908,8 +908,8 @@
       "CREATIONDATE": "Created",
       "SELECTGROUPTOOLTIP": "Select all Roles of the group {{group}}.",
       "OPTIONS": "Options",
-      "ASSERTION": "Assert Roles on Authentication.",
-      "ASSERTION_DESCRIPTION": "Roleinformation is sent as Token, Userinfo endpoint or other type, depending on your application settings.",
+      "ASSERTION": "Assert Roles on Authentication",
+      "ASSERTION_DESCRIPTION": "Role information is sent from Userinfo endpoint and depending on your application settings in tokens and other types.",
       "CHECK": "Check roles on Authentication",
       "CHECK_DESCRIPTION": "If set, users are only allowed to authenticate if any role is assigned to their account."
     },
@@ -1175,9 +1175,9 @@
       "OVERVIEWSECTION": "Overview",
       "OVERVIEWTITLE": "You are now done. Review your configuration.",
       "ACCESSTOKENROLEASSERTION": "Add user roles to the access token",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the access token.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the access token.",
       "IDTOKENROLEASSERTION": "User roles inside ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the ID token.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the ID token.",
       "IDTOKENUSERINFOASSERTION": "User Info inside ID Token",
       "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Enables clients to retrieve profile, email, phone and address claims from ID token.",
       "CLOCKSKEW": "Enables clients to handle clock skew of OP and client. The duration (0-5s) will be added to exp claim and subtracted from iats, auth_time and nbf.",