zitadel/apps/login/src/app/(login)/idp/[provider]/success/page.tsx

import { DynamicTheme } from "@/components/dynamic-theme";
import { IdpSignin } from "@/components/idp-signin";
import { linkingFailed } from "@/components/idps/pages/linking-failed";
import { linkingSuccess } from "@/components/idps/pages/linking-success";
import { loginFailed } from "@/components/idps/pages/login-failed";
import { loginSuccess } from "@/components/idps/pages/login-success";
import { idpTypeToIdentityProviderType, PROVIDER_MAPPING } from "@/lib/idp";
import {
  addHuman,
  addIDPLink,
  getBrandingSettings,
  getIDPByID,
  getLoginSettings,
  getOrgsByDomain,
  listUsers,
  retrieveIDPIntent,
} from "@/lib/zitadel";
import { create } from "@zitadel/client";
import { AutoLinkingOption } from "@zitadel/proto/zitadel/idp/v2/idp_pb";
import { OrganizationSchema } from "@zitadel/proto/zitadel/object/v2/object_pb";
import {
  AddHumanUserRequest,
  AddHumanUserRequestSchema,
} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import { getLocale, getTranslations } from "next-intl/server";

const ORG_SUFFIX_REGEX = /(?<=@)(.+)/;

export default async function Page(props: {
  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
  params: Promise<{ provider: string }>;
}) {
  const params = await props.params;
  const searchParams = await props.searchParams;
  const locale = getLocale();
  const t = await getTranslations({ locale, namespace: "idp" });
  const { id, token, authRequestId, organization, link } = searchParams;
  const { provider } = params;

  const branding = await getBrandingSettings(organization);

  if (!provider || !id || !token) {
    return loginFailed(branding, "IDP context missing");
  }

  const intent = await retrieveIDPIntent(id, token);

  const { idpInformation, userId } = intent;

  // sign in user. If user should be linked continue
  if (userId && !link) {
    // TODO: update user if idp.options.isAutoUpdate is true

    return loginSuccess(
      userId,
      { idpIntentId: id, idpIntentToken: token },
      authRequestId,
      branding,
    );
  }

  if (!idpInformation) {
    return loginFailed(branding, "IDP information missing");
  }

  const idp = await getIDPByID(idpInformation.idpId);
  const options = idp?.config?.options;

  if (!idp) {
    throw new Error("IDP not found");
  }

  const providerType = idpTypeToIdentityProviderType(idp.type);

  if (link && options?.isLinkingAllowed) {
    let idpLink;
    try {
      idpLink = await addIDPLink(
        {
          id: idpInformation.idpId,
          userId: idpInformation.userId,
          userName: idpInformation.userName,
        },
        userId,
      );
    } catch (error) {
      return linkingFailed(branding);
    }

    if (!idpLink) {
      return linkingFailed(branding);
    } else {
      return linkingSuccess(
        userId,
        { idpIntentId: id, idpIntentToken: token },
        authRequestId,
        branding,
      );
    }
  }

  // search for potential user via username, then link
  if (options?.isLinkingAllowed) {
    let foundUser;
    const email = PROVIDER_MAPPING[providerType](idpInformation).email?.email;

    if (options.autoLinking === AutoLinkingOption.EMAIL && email) {
      foundUser = await listUsers({ email }).then((response) => {
        return response.result ? response.result[0] : null;
      });
    } else if (options.autoLinking === AutoLinkingOption.USERNAME) {
      foundUser = await listUsers(
        options.autoLinking === AutoLinkingOption.USERNAME
          ? { userName: idpInformation.userName }
          : { email },
      ).then((response) => {
        return response.result ? response.result[0] : null;
      });
    } else {
      foundUser = await listUsers({
        userName: idpInformation.userName,
        email,
      }).then((response) => {
        return response.result ? response.result[0] : null;
      });
    }

    if (foundUser) {
      let idpLink;
      try {
        idpLink = await addIDPLink(
          {
            id: idpInformation.idpId,
            userId: idpInformation.userId,
            userName: idpInformation.userName,
          },
          foundUser.userId,
        );
      } catch (error) {
        return linkingFailed(branding);
      }

      if (!idpLink) {
        return linkingFailed(branding);
      } else {
        return linkingSuccess(
          foundUser.userId,
          { idpIntentId: id, idpIntentToken: token },
          authRequestId,
          branding,
        );
      }
    }
  }

  if (link) {
    return linkingFailed(branding);
  }

  if (options?.isCreationAllowed && options.isAutoCreation) {
    let orgToRegisterOn: string | undefined = organization;

    let userData: AddHumanUserRequest =
      PROVIDER_MAPPING[providerType](idpInformation);

    if (
      !orgToRegisterOn &&
      userData.username && // username or email?
      ORG_SUFFIX_REGEX.test(userData.username)
    ) {
      const matched = ORG_SUFFIX_REGEX.exec(userData.username);
      const suffix = matched?.[1] ?? "";

      // this just returns orgs where the suffix is set as primary domain
      const orgs = await getOrgsByDomain(suffix);
      const orgToCheckForDiscovery =
        orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;

      const orgLoginSettings = await getLoginSettings(orgToCheckForDiscovery);
      if (orgLoginSettings?.allowDomainDiscovery) {
        orgToRegisterOn = orgToCheckForDiscovery;
      }
    }

    if (orgToRegisterOn) {
      const organizationSchema = create(OrganizationSchema, {
        org: { case: "orgId", value: orgToRegisterOn },
      });

      userData = create(AddHumanUserRequestSchema, {
        ...userData,
        organization: organizationSchema,
      });
    }

    const newUser = await addHuman(userData);

    if (newUser) {
      return (
        <DynamicTheme branding={branding}>
          <div className="flex flex-col items-center space-y-4">
            <h1>{t("registerSuccess.title")}</h1>
            <p className="ztdl-p">{t("registerSuccess.description")}</p>
            <IdpSignin
              userId={newUser.userId}
              idpIntent={{ idpIntentId: id, idpIntentToken: token }}
              authRequestId={authRequestId}
            />
          </div>
        </DynamicTheme>
      );
    }
  }

  // return login failed if no linking or creation is allowed and no user was found
  return loginFailed(branding, "No user found");
}
chore: follow adrs 2024-09-26 22:50:55 -04:00			`import { DynamicTheme } from "@/components/dynamic-theme";`
continue with session 2024-12-16 09:21:12 +01:00			`import { IdpSignin } from "@/components/idp-signin";`
idp pages 2024-12-20 15:54:04 +01:00			`import { linkingFailed } from "@/components/idps/pages/linking-failed";`
			`import { linkingSuccess } from "@/components/idps/pages/linking-success";`
			`import { loginFailed } from "@/components/idps/pages/login-failed";`
			`import { loginSuccess } from "@/components/idps/pages/login-success";`
idp type from intent 2024-09-11 17:12:43 +02:00			`import { idpTypeToIdentityProviderType, PROVIDER_MAPPING } from "@/lib/idp";`
fix: implement auto linking on register 2024-07-17 17:22:12 +02:00			`import {`
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`addHuman,`
fix: implement auto linking on register 2024-07-17 17:22:12 +02:00			`addIDPLink,`
			`getBrandingSettings,`
falling through 2024-08-21 11:11:00 +02:00			`getIDPByID,`
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`getLoginSettings,`
			`getOrgsByDomain,`
search user 2024-08-21 11:18:12 +02:00			`listUsers,`
fix: implement auto linking on register 2024-07-17 17:22:12 +02:00			`retrieveIDPIntent,`
			`} from "@/lib/zitadel";`
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`import { create } from "@zitadel/client";`
username, email check for linking 2024-08-21 12:13:24 +02:00			`import { AutoLinkingOption } from "@zitadel/proto/zitadel/idp/v2/idp_pb";`
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`import { OrganizationSchema } from "@zitadel/proto/zitadel/object/v2/object_pb";`
			`import {`
			`AddHumanUserRequest,`
			`AddHumanUserRequestSchema,`
			`} from "@zitadel/proto/zitadel/user/v2/user_service_pb";`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`import { getLocale, getTranslations } from "next-intl/server";`
refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`const ORG_SUFFIX_REGEX = /(?<=@)(.+)/;`

lint 2024-11-22 11:27:37 +01:00			`export default async function Page(props: {`
			`searchParams: Promise<Record<string \| number \| symbol, string \| undefined>>;`
			`params: Promise<{ provider: string }>;`
			`}) {`
update nextjs to 15 2024-11-22 11:25:03 +01:00			`const params = await props.params;`
			`const searchParams = await props.searchParams;`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`const locale = getLocale();`
			`const t = await getTranslations({ locale, namespace: "idp" });`
idp for invites 2024-11-29 13:38:56 +01:00			`const { id, token, authRequestId, organization, link } = searchParams;`
github mapping, signup 2023-07-28 15:23:17 +02:00			`const { provider } = params;`

refactor: zitadel server Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com> 2024-04-07 03:56:46 -04:00			`const branding = await getBrandingSettings(organization);`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00
			`if (!provider \|\| !id \|\| !token) {`
log error 2024-12-16 10:36:40 +01:00			`return loginFailed(branding, "IDP context missing");`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`}`

			`const intent = await retrieveIDPIntent(id, token);`

			`const { idpInformation, userId } = intent;`

idp for invites 2024-11-29 13:38:56 +01:00			`// sign in user. If user should be linked continue`
			`if (userId && !link) {`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`// TODO: update user if idp.options.isAutoUpdate is true`

wrap around login 2024-12-16 09:24:31 +01:00			`return loginSuccess(`
			`userId,`
			`{ idpIntentId: id, idpIntentToken: token },`
missing params 2024-12-16 09:43:56 +01:00			`authRequestId,`
wrap around login 2024-12-16 09:24:31 +01:00			`branding,`
continue with session 2024-12-16 09:21:12 +01:00			`);`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`}`

			`if (!idpInformation) {`
log error 2024-12-16 10:36:40 +01:00			`return loginFailed(branding, "IDP information missing");`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`}`

			`const idp = await getIDPByID(idpInformation.idpId);`
			`const options = idp?.config?.options;`

			`if (!idp) {`
			`throw new Error("IDP not found");`
			`}`

			`const providerType = idpTypeToIdentityProviderType(idp.type);`

linking failed page 2024-12-20 12:08:02 +01:00			`if (link && options?.isLinkingAllowed) {`
handle error when linking 2024-12-23 09:32:01 +01:00			`let idpLink;`
			`try {`
			`idpLink = await addIDPLink(`
			`{`
			`id: idpInformation.idpId,`
			`userId: idpInformation.userId,`
			`userName: idpInformation.userName,`
			`},`
			`userId,`
			`);`
			`} catch (error) {`
idp pages 2024-12-20 15:54:04 +01:00			`return linkingFailed(branding);`
handle error when linking 2024-12-23 09:32:01 +01:00			`}`
linking failed page 2024-12-20 12:08:02 +01:00
			`if (!idpLink) {`
			`return linkingFailed(branding);`
			`} else {`
			`return linkingSuccess(`
			`userId,`
			`{ idpIntentId: id, idpIntentToken: token },`
			`authRequestId,`
			`branding,`
			`);`
			`}`
			`}`

try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`// search for potential user via username, then link`
			`if (options?.isLinkingAllowed) {`
			`let foundUser;`
			`const email = PROVIDER_MAPPING[providerType](idpInformation).email?.email;`

			`if (options.autoLinking === AutoLinkingOption.EMAIL && email) {`
			`foundUser = await listUsers({ email }).then((response) => {`
			`return response.result ? response.result[0] : null;`
			`});`
			`} else if (options.autoLinking === AutoLinkingOption.USERNAME) {`
			`foundUser = await listUsers(`
			`options.autoLinking === AutoLinkingOption.USERNAME`
			`? { userName: idpInformation.userName }`
			`: { email },`
			`).then((response) => {`
			`return response.result ? response.result[0] : null;`
			`});`
			`} else {`
			`foundUser = await listUsers({`
			`userName: idpInformation.userName,`
			`email,`
			`}).then((response) => {`
			`return response.result ? response.result[0] : null;`
			`});`
			`}`

			`if (foundUser) {`
handle error when linking 2024-12-23 09:32:01 +01:00			`let idpLink;`
			`try {`
			`idpLink = await addIDPLink(`
			`{`
			`id: idpInformation.idpId,`
			`userId: idpInformation.userId,`
			`userName: idpInformation.userName,`
			`},`
			`foundUser.userId,`
			`);`
			`} catch (error) {`
add idps to invite flow 2024-12-20 11:14:03 +01:00			`return linkingFailed(branding);`
handle error when linking 2024-12-23 09:32:01 +01:00			`}`

idp pages 2024-12-20 15:54:04 +01:00			`if (!idpLink) {`
			`return linkingFailed(branding);`
			`} else {`
linking with userid 2024-12-16 10:14:38 +01:00			`return linkingSuccess(`
change user id 2024-12-16 10:21:00 +01:00			`foundUser.userId,`
linking with userid 2024-12-16 10:14:38 +01:00			`{ idpIntentId: id, idpIntentToken: token },`
			`authRequestId,`
			`branding,`
			`);`
			`}`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`}`
			`}`

fix: ordering of conditions 2024-12-27 11:48:11 +01:00			`if (link) {`
			`return linkingFailed(branding);`
			`}`

			`if (options?.isCreationAllowed && options.isAutoCreation) {`
org discovery on idp callback 2024-12-16 11:15:01 +01:00			`let orgToRegisterOn: string \| undefined = organization;`

			`let userData: AddHumanUserRequest =`
			`PROVIDER_MAPPING[providerType](idpInformation);`

			`if (`
			`!orgToRegisterOn &&`
			`userData.username && // username or email?`
			`ORG_SUFFIX_REGEX.test(userData.username)`
			`) {`
			`const matched = ORG_SUFFIX_REGEX.exec(userData.username);`
			`const suffix = matched?.[1] ?? "";`

			`// this just returns orgs where the suffix is set as primary domain`
			`const orgs = await getOrgsByDomain(suffix);`
			`const orgToCheckForDiscovery =`
			`orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;`

			`const orgLoginSettings = await getLoginSettings(orgToCheckForDiscovery);`
			`if (orgLoginSettings?.allowDomainDiscovery) {`
			`orgToRegisterOn = orgToCheckForDiscovery;`
			`}`
			`}`

			`if (orgToRegisterOn) {`
			`const organizationSchema = create(OrganizationSchema, {`
			`org: { case: "orgId", value: orgToRegisterOn },`
			`});`

			`userData = create(AddHumanUserRequestSchema, {`
			`...userData,`
			`organization: organizationSchema,`
			`});`
			`}`

			`const newUser = await addHuman(userData);`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00
			`if (newUser) {`
			`return (`
			`<DynamicTheme branding={branding}>`
account selection with params 2024-05-03 10:09:18 +02:00			`<div className="flex flex-col items-center space-y-4">`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`<h1>{t("registerSuccess.title")}</h1>`
register page cleanup 2024-12-16 10:41:37 +01:00			`<p className="ztdl-p">{t("registerSuccess.description")}</p>`
			`<IdpSignin`
			`userId={newUser.userId}`
			`idpIntent={{ idpIntentId: id, idpIntentToken: token }}`
			`authRequestId={authRequestId}`
			`/>`
account selection with params 2024-05-03 10:09:18 +02:00			`</div>`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00			`</DynamicTheme>`
			`);`
			`}`
github mapping, signup 2023-07-28 15:23:17 +02:00			`}`
try to fix unit tests, idp, password, accounts translations 2024-10-09 14:03:01 +02:00
			`// return login failed if no linking or creation is allowed and no user was found`
log error 2024-12-16 10:36:40 +01:00			`return loginFailed(branding, "No user found");`
github mapping, signup 2023-07-28 15:23:17 +02:00			`}`