zitadel/backend/v3/domain/id_provider.go

package domain

import (
	"context"
	"time"

	"github.com/zitadel/zitadel/backend/v3/storage/database"
	"github.com/zitadel/zitadel/internal/crypto"
)

//go:generate enumer -type IDPType -transform lower -trimprefix IDPType
type IDPType uint8

const (
	IDPTypeUnspecified IDPType = iota
	IDPTypeOIDC
	IDPTypeJWT
	IDPTypeOAuth
	IDPTypeLDAP
	IDPTypeAzureAD
	IDPTypeGitHub
	IDPTypeGitHubEnterprise
	IDPTypeGitLab
	IDPTypeGitLabSelfHosted
	IDPTypeGoogle
	IDPTypeApple
	IDPTypeSAML
)

//go:generate enumer -type IDPState -transform lower -trimprefix IDPState
type IDPState uint8

const (
	IDPStateActive IDPState = iota
	IDPStateInactive
)

type OIDCMappingField int8

const (
	OIDCMappingFieldUnspecified OIDCMappingField = iota
	OIDCMappingFieldPreferredLoginName
	OIDCMappingFieldEmail
	// count is for validation purposes
	oidcMappingFieldCount
)

type IdentityProvider struct {
	InstanceID        string    `json:"instanceId,omitempty" db:"instance_id"`
	OrgID             *string   `json:"orgId,omitempty" db:"org_id"`
	ID                string    `json:"id,omitempty" db:"id"`
	State             string    `json:"state,omitempty" db:"state"`
	Name              string    `json:"name,omitempty" db:"name"`
	Type              string    `json:"type,omitempty" db:"type"`
	AllowCreation     bool      `json:"allowCreation,omitempty" db:"allow_creation"`
	AllowAutoCreation bool      `json:"allowAutoCreation,omitempty" db:"allow_auto_creation"`
	AllowAutoUpdate   bool      `json:"allowAutoUpdate,omitempty" db:"allow_auto_update"`
	AllowLinking      bool      `json:"allowLinking,omitempty" db:"allow_linking"`
	StylingType       int16     `json:"stylingType,omitempty" db:"styling_type"`
	Payload           *string   `json:"payload,omitempty" db:"payload"`
	CreatedAt         time.Time `json:"createdAt,omitempty" db:"created_at"`
	UpdatedAt         time.Time `json:"updatedAt,omitempty" db:"updated_at"`
}

type OIDC struct {
	IDPConfigID           string             `json:"idpConfigId"`
	ClientID              string             `json:"clientId,omitempty"`
	ClientSecret          crypto.CryptoValue `json:"clientSecret,omitempty"`
	Issuer                string             `json:"issuer,omitempty"`
	AuthorizationEndpoint string             `json:"authorizationEndpoint,omitempty"`
	TokenEndpoint         string             `json:"tokenEndpoint,omitempty"`
	Scopes                []string           `json:"scopes,omitempty"`
	IDPDisplayNameMapping OIDCMappingField   `json:"IDPDisplayNameMapping,omitempty"`
	UserNameMapping       OIDCMappingField   `json:"usernameMapping,omitempty"`
}

type IDPOIDC struct {
	*IdentityProvider
	OIDC
}

type JWT struct {
	IDPConfigID  string `json:"idpConfigId"`
	JWTEndpoint  string `json:"jwtEndpoint,omitempty"`
	Issuer       string `json:"issuer,omitempty"`
	KeysEndpoint string `json:"keysEndpoint,omitempty"`
	HeaderName   string `json:"headerName,omitempty"`
}

type IDPJWT struct {
	*IdentityProvider
	JWT
}

// IDPIdentifierCondition is used to help specify a single identity_provider,
// it will either be used as the  identity_provider ID or identity_provider name,
// as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name)
type IDPIdentifierCondition interface {
	database.Condition
}

type idProviderColumns interface {
	InstanceIDColumn() database.Column
	OrgIDColumn() database.Column
	IDColumn() database.Column
	StateColumn() database.Column
	NameColumn() database.Column
	TypeColumn() database.Column
	AllowCreationColumn() database.Column
	AllowAutoCreationColumn() database.Column
	AllowAutoUpdateColumn() database.Column
	AllowLinkingColumn() database.Column
	StylingTypeColumn() database.Column
	PayloadColumn() database.Column
	CreatedAtColumn() database.Column
	UpdatedAtColumn() database.Column
}

type idProviderConditions interface {
	InstanceIDCondition(id string) database.Condition
	OrgIDCondition(id *string) database.Condition
	IDCondition(id string) IDPIdentifierCondition
	StateCondition(state IDPState) database.Condition
	NameCondition(name string) IDPIdentifierCondition
	TypeCondition(typee IDPType) database.Condition
	AllowCreationCondition(allow bool) database.Condition
	AllowAutoCreationCondition(allow bool) database.Condition
	AllowAutoUpdateCondition(allow bool) database.Condition
	AllowLinkingCondition(allow bool) database.Condition
	StylingTypeCondition(style int16) database.Condition
	PayloadCondition(payload string) database.Condition
}

type idProviderChanges interface {
	SetName(name string) database.Change
	SetState(state IDPState) database.Change
	SetAllowCreation(allow bool) database.Change
	SetAllowAutoCreation(allow bool) database.Change
	SetAllowAutoUpdate(allow bool) database.Change
	SetAllowLinking(allow bool) database.Change
	SetStylingType(stylingType int16) database.Change
	SetPayload(payload string) database.Change
}

type IDProviderRepository interface {
	idProviderColumns
	idProviderConditions
	idProviderChanges

	Get(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IdentityProvider, error)
	List(ctx context.Context, conditions ...database.Condition) ([]*IdentityProvider, error)

	Create(ctx context.Context, idp *IdentityProvider) error
	Update(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string, changes ...database.Change) (int64, error)
	Delete(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (int64, error)

	GetOIDC(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOIDC, error)
	GetJWT(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPJWT, error)
}
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`package domain`

			`import (`
			`"context"`
			`"time"`

			`"github.com/zitadel/zitadel/backend/v3/storage/database"`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`"github.com/zitadel/zitadel/internal/crypto"`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`)`

			`//go:generate enumer -type IDPType -transform lower -trimprefix IDPType`
			`type IDPType uint8`

			`const (`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`IDPTypeUnspecified IDPType = iota`
			`IDPTypeOIDC`
			`IDPTypeJWT`
			`IDPTypeOAuth`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`IDPTypeLDAP`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`IDPTypeAzureAD`
			`IDPTypeGitHub`
			`IDPTypeGitHubEnterprise`
			`IDPTypeGitLab`
			`IDPTypeGitLabSelfHosted`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`IDPTypeGoogle`
			`IDPTypeApple`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`IDPTypeSAML`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`)`

			`//go:generate enumer -type IDPState -transform lower -trimprefix IDPState`
			`type IDPState uint8`

			`const (`
			`IDPStateActive IDPState = iota`
			`IDPStateInactive`
			`)`

fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`type OIDCMappingField int8`

			`const (`
			`OIDCMappingFieldUnspecified OIDCMappingField = iota`
			`OIDCMappingFieldPreferredLoginName`
			`OIDCMappingFieldEmail`
			`// count is for validation purposes`
			`oidcMappingFieldCount`
			`)`

fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`type IdentityProvider struct {`
			InstanceID string `json:"instanceId,omitempty" db:"instance_id"`
added first event 2025-07-22 16:06:22 +01:00			OrgID *string `json:"orgId,omitempty" db:"org_id"`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			ID string `json:"id,omitempty" db:"id"`
			State string `json:"state,omitempty" db:"state"`
			Name string `json:"name,omitempty" db:"name"`
			Type string `json:"type,omitempty" db:"type"`
fixup! fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 15:55:18 +01:00			AllowCreation bool `json:"allowCreation,omitempty" db:"allow_creation"`
			AllowAutoCreation bool `json:"allowAutoCreation,omitempty" db:"allow_auto_creation"`
			AllowAutoUpdate bool `json:"allowAutoUpdate,omitempty" db:"allow_auto_update"`
			AllowLinking bool `json:"allowLinking,omitempty" db:"allow_linking"`
			StylingType int16 `json:"stylingType,omitempty" db:"styling_type"`
added first event 2025-07-22 16:06:22 +01:00			Payload *string `json:"payload,omitempty" db:"payload"`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			CreatedAt time.Time `json:"createdAt,omitempty" db:"created_at"`
			UpdatedAt time.Time `json:"updatedAt,omitempty" db:"updated_at"`
			`}`

fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`type OIDC struct {`
			IDPConfigID string `json:"idpConfigId"`
			ClientID string `json:"clientId,omitempty"`
			ClientSecret crypto.CryptoValue `json:"clientSecret,omitempty"`
			Issuer string `json:"issuer,omitempty"`
			AuthorizationEndpoint string `json:"authorizationEndpoint,omitempty"`
			TokenEndpoint string `json:"tokenEndpoint,omitempty"`
			Scopes []string `json:"scopes,omitempty"`
			IDPDisplayNameMapping OIDCMappingField `json:"IDPDisplayNameMapping,omitempty"`
			UserNameMapping OIDCMappingField `json:"usernameMapping,omitempty"`
			`}`

			`type IDPOIDC struct {`
			`*IdentityProvider`
			`OIDC`
			`}`

			`type JWT struct {`
			IDPConfigID string `json:"idpConfigId"`
			JWTEndpoint string `json:"jwtEndpoint,omitempty"`
			Issuer string `json:"issuer,omitempty"`
			KeysEndpoint string `json:"keysEndpoint,omitempty"`
			HeaderName string `json:"headerName,omitempty"`
			`}`

			`type IDPJWT struct {`
			`*IdentityProvider`
			`JWT`
			`}`

fixup! fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 15:55:18 +01:00			`// IDPIdentifierCondition is used to help specify a single identity_provider,`
			`// it will either be used as the identity_provider ID or identity_provider name,`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`// as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name)`
fixup! fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 15:55:18 +01:00			`type IDPIdentifierCondition interface {`
			`database.Condition`
			`}`

fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`type idProviderColumns interface {`
			`InstanceIDColumn() database.Column`
			`OrgIDColumn() database.Column`
			`IDColumn() database.Column`
			`StateColumn() database.Column`
			`NameColumn() database.Column`
			`TypeColumn() database.Column`
			`AllowCreationColumn() database.Column`
			`AllowAutoCreationColumn() database.Column`
			`AllowAutoUpdateColumn() database.Column`
			`AllowLinkingColumn() database.Column`
			`StylingTypeColumn() database.Column`
			`PayloadColumn() database.Column`
			`CreatedAtColumn() database.Column`
			`UpdatedAtColumn() database.Column`
			`}`

			`type idProviderConditions interface {`
			`InstanceIDCondition(id string) database.Condition`
added first event 2025-07-22 16:06:22 +01:00			`OrgIDCondition(id *string) database.Condition`
fixup! fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 15:55:18 +01:00			`IDCondition(id string) IDPIdentifierCondition`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`StateCondition(state IDPState) database.Condition`
fixup! fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 15:55:18 +01:00			`NameCondition(name string) IDPIdentifierCondition`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`TypeCondition(typee IDPType) database.Condition`
			`AllowCreationCondition(allow bool) database.Condition`
			`AllowAutoCreationCondition(allow bool) database.Condition`
			`AllowAutoUpdateCondition(allow bool) database.Condition`
			`AllowLinkingCondition(allow bool) database.Condition`
			`StylingTypeCondition(style int16) database.Condition`
			`PayloadCondition(payload string) database.Condition`
			`}`

			`type idProviderChanges interface {`
			`SetName(name string) database.Change`
			`SetState(state IDPState) database.Change`
			`SetAllowCreation(allow bool) database.Change`
			`SetAllowAutoCreation(allow bool) database.Change`
			`SetAllowAutoUpdate(allow bool) database.Change`
			`SetAllowLinking(allow bool) database.Change`
			`SetStylingType(stylingType int16) database.Change`
			`SetPayload(payload string) database.Change`
			`}`

			`type IDProviderRepository interface {`
			`idProviderColumns`
			`idProviderConditions`
			`idProviderChanges`

fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`Get(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID string) (IdentityProvider, error)`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`List(ctx context.Context, conditions ...database.Condition) ([]*IdentityProvider, error)`

			`Create(ctx context.Context, idp *IdentityProvider) error`
fixup! fixup! added first event 2025-07-25 12:14:28 +01:00			`Update(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string, changes ...database.Change) (int64, error)`
			`Delete(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (int64, error)`

			`GetOIDC(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID string) (IDPOIDC, error)`
			`GetJWT(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID string) (IDPJWT, error)`
fixup! feat(db): Adding identity_providers table for relational database 2025-07-18 11:02:50 +01:00			`}`