zitadel/internal/repository/idp/oauth.go

package idp

import (
	"encoding/json"

	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/eventstore/repository"
)

type OAuthIDPAddedEvent struct {
	eventstore.BaseEvent `json:"-"`

	ID                    string              `json:"id"`
	Name                  string              `json:"name,omitempty"`
	ClientID              string              `json:"clientId,omitempty"`
	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
	UserEndpoint          string              `json:"userEndpoint,omitempty"`
	Scopes                []string            `json:"scopes,omitempty"`
	IDAttribute           string              `json:"idAttribute,omitempty"`
	Options
}

func NewOAuthIDPAddedEvent(
	base *eventstore.BaseEvent,
	id,
	name,
	clientID string,
	clientSecret *crypto.CryptoValue,
	authorizationEndpoint,
	tokenEndpoint,
	userEndpoint,
	idAttribute string,
	scopes []string,
	options Options,
) *OAuthIDPAddedEvent {
	return &OAuthIDPAddedEvent{
		BaseEvent:             *base,
		ID:                    id,
		Name:                  name,
		ClientID:              clientID,
		ClientSecret:          clientSecret,
		AuthorizationEndpoint: authorizationEndpoint,
		TokenEndpoint:         tokenEndpoint,
		UserEndpoint:          userEndpoint,
		Scopes:                scopes,
		IDAttribute:           idAttribute,
		Options:               options,
	}
}

func (e *OAuthIDPAddedEvent) Data() interface{} {
	return e
}

func (e *OAuthIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func OAuthIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
	e := &OAuthIDPAddedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}

	err := json.Unmarshal(event.Data, e)
	if err != nil {
		return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event")
	}

	return e, nil
}

type OAuthIDPChangedEvent struct {
	eventstore.BaseEvent `json:"-"`

	ID                    string              `json:"id"`
	Name                  *string             `json:"name,omitempty"`
	ClientID              *string             `json:"clientId,omitempty"`
	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
	AuthorizationEndpoint *string             `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         *string             `json:"tokenEndpoint,omitempty"`
	UserEndpoint          *string             `json:"userEndpoint,omitempty"`
	Scopes                []string            `json:"scopes,omitempty"`
	IDAttribute           *string             `json:"idAttribute,omitempty"`
	OptionChanges
}

func NewOAuthIDPChangedEvent(
	base *eventstore.BaseEvent,
	id string,
	changes []OAuthIDPChanges,
) (*OAuthIDPChangedEvent, error) {
	if len(changes) == 0 {
		return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound")
	}
	changedEvent := &OAuthIDPChangedEvent{
		BaseEvent: *base,
		ID:        id,
	}
	for _, change := range changes {
		change(changedEvent)
	}
	return changedEvent, nil
}

type OAuthIDPChanges func(*OAuthIDPChangedEvent)

func ChangeOAuthName(name string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.Name = &name
	}
}
func ChangeOAuthClientID(clientID string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.ClientID = &clientID
	}
}

func ChangeOAuthClientSecret(clientSecret *crypto.CryptoValue) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.ClientSecret = clientSecret
	}
}

func ChangeOAuthOptions(options OptionChanges) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.OptionChanges = options
	}
}

func ChangeOAuthAuthorizationEndpoint(authorizationEndpoint string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.AuthorizationEndpoint = &authorizationEndpoint
	}
}

func ChangeOAuthTokenEndpoint(tokenEndpoint string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.TokenEndpoint = &tokenEndpoint
	}
}

func ChangeOAuthUserEndpoint(userEndpoint string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.UserEndpoint = &userEndpoint
	}
}

func ChangeOAuthScopes(scopes []string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.Scopes = scopes
	}
}

func ChangeOAuthIDAttribute(idAttribute string) func(*OAuthIDPChangedEvent) {
	return func(e *OAuthIDPChangedEvent) {
		e.IDAttribute = &idAttribute
	}
}

func (e *OAuthIDPChangedEvent) Data() interface{} {
	return e
}

func (e *OAuthIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
	return nil
}

func OAuthIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
	e := &OAuthIDPChangedEvent{
		BaseEvent: *eventstore.BaseEventFromRepo(event),
	}

	err := json.Unmarshal(event.Data, e)
	if err != nil {
		return nil, errors.ThrowInternal(err, "IDP-SAf3gw", "unable to unmarshal event")
	}

	return e, nil
}
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`package idp`

			`import (`
			`"encoding/json"`

			`"github.com/zitadel/zitadel/internal/crypto"`
			`"github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/eventstore/repository"`
			`)`

			`type OAuthIDPAddedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			ID string `json:"id"`
			Name string `json:"name,omitempty"`
feat(api): add oidc and jwt provider template (#5290) Adds possibility to manage OIDC and JWT template based providers 2023-02-27 15:32:18 +00:00			ClientID string `json:"clientId,omitempty"`
			ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			AuthorizationEndpoint string `json:"authorizationEndpoint,omitempty"`
			TokenEndpoint string `json:"tokenEndpoint,omitempty"`
			UserEndpoint string `json:"userEndpoint,omitempty"`
			Scopes []string `json:"scopes,omitempty"`
fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			IDAttribute string `json:"idAttribute,omitempty"`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`Options`
			`}`

			`func NewOAuthIDPAddedEvent(`
			`base *eventstore.BaseEvent,`
			`id,`
			`name,`
			`clientID string,`
			`clientSecret *crypto.CryptoValue,`
			`authorizationEndpoint,`
			`tokenEndpoint,`
fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			`userEndpoint,`
			`idAttribute string,`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`scopes []string,`
			`options Options,`
			`) *OAuthIDPAddedEvent {`
			`return &OAuthIDPAddedEvent{`
			`BaseEvent: *base,`
			`ID: id,`
			`Name: name,`
			`ClientID: clientID,`
			`ClientSecret: clientSecret,`
			`AuthorizationEndpoint: authorizationEndpoint,`
			`TokenEndpoint: tokenEndpoint,`
			`UserEndpoint: userEndpoint,`
			`Scopes: scopes,`
fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			`IDAttribute: idAttribute,`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`Options: options,`
			`}`
			`}`

			`func (e *OAuthIDPAddedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e OAuthIDPAddedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func OAuthIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`e := &OAuthIDPAddedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`

			`err := json.Unmarshal(event.Data, e)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event")`
			`}`

			`return e, nil`
			`}`

			`type OAuthIDPChangedEvent struct {`
			eventstore.BaseEvent `json:"-"`

			ID string `json:"id"`
			Name *string `json:"name,omitempty"`
feat(api): add oidc and jwt provider template (#5290) Adds possibility to manage OIDC and JWT template based providers 2023-02-27 15:32:18 +00:00			ClientID *string `json:"clientId,omitempty"`
			ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			AuthorizationEndpoint *string `json:"authorizationEndpoint,omitempty"`
			TokenEndpoint *string `json:"tokenEndpoint,omitempty"`
			UserEndpoint *string `json:"userEndpoint,omitempty"`
			Scopes []string `json:"scopes,omitempty"`
fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			IDAttribute *string `json:"idAttribute,omitempty"`
feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`OptionChanges`
			`}`

			`func NewOAuthIDPChangedEvent(`
			`base *eventstore.BaseEvent,`
			`id string,`
			`changes []OAuthIDPChanges,`
			`) (*OAuthIDPChangedEvent, error) {`
			`if len(changes) == 0 {`
			`return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound")`
			`}`
			`changedEvent := &OAuthIDPChangedEvent{`
			`BaseEvent: *base,`
			`ID: id,`
			`}`
			`for _, change := range changes {`
			`change(changedEvent)`
			`}`
			`return changedEvent, nil`
			`}`

			`type OAuthIDPChanges func(*OAuthIDPChangedEvent)`

			`func ChangeOAuthName(name string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.Name = &name`
			`}`
			`}`
			`func ChangeOAuthClientID(clientID string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.ClientID = &clientID`
			`}`
			`}`

			`func ChangeOAuthClientSecret(clientSecret crypto.CryptoValue) func(OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.ClientSecret = clientSecret`
			`}`
			`}`

			`func ChangeOAuthOptions(options OptionChanges) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.OptionChanges = options`
			`}`
			`}`

			`func ChangeOAuthAuthorizationEndpoint(authorizationEndpoint string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.AuthorizationEndpoint = &authorizationEndpoint`
			`}`
			`}`

			`func ChangeOAuthTokenEndpoint(tokenEndpoint string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.TokenEndpoint = &tokenEndpoint`
			`}`
			`}`

			`func ChangeOAuthUserEndpoint(userEndpoint string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.UserEndpoint = &userEndpoint`
			`}`
			`}`

			`func ChangeOAuthScopes(scopes []string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.Scopes = scopes`
			`}`
			`}`

fix: use of generic oauth provider (#5345) Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field. 2023-03-03 10:38:49 +00:00			`func ChangeOAuthIDAttribute(idAttribute string) func(*OAuthIDPChangedEvent) {`
			`return func(e *OAuthIDPChangedEvent) {`
			`e.IDAttribute = &idAttribute`
			`}`
			`}`

feat(api): add generic oauth provider template (#5260) adds functionality to manage templates based OIDC IDPs 2023-02-24 14:16:06 +00:00			`func (e *OAuthIDPChangedEvent) Data() interface{} {`
			`return e`
			`}`

			`func (e OAuthIDPChangedEvent) UniqueConstraints() []eventstore.EventUniqueConstraint {`
			`return nil`
			`}`

			`func OAuthIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {`
			`e := &OAuthIDPChangedEvent{`
			`BaseEvent: *eventstore.BaseEventFromRepo(event),`
			`}`

			`err := json.Unmarshal(event.Data, e)`
			`if err != nil {`
			`return nil, errors.ThrowInternal(err, "IDP-SAf3gw", "unable to unmarshal event")`
			`}`

			`return e, nil`
			`}`