zitadel/internal/repository/sessionlogout/events.go

package sessionlogout

import (
	"context"

	"github.com/zitadel/zitadel/internal/eventstore"
)

const (
	eventTypePrefix                 = "session_logout."
	backChannelEventTypePrefix      = eventTypePrefix + "back_channel."
	BackChannelLogoutRegisteredType = backChannelEventTypePrefix + "registered"
	BackChannelLogoutSentType       = backChannelEventTypePrefix + "sent"
)

type BackChannelLogoutRegisteredEvent struct {
	*eventstore.BaseEvent `json:"-"`

	OIDCSessionID        string `json:"oidc_session_id"`
	UserID               string `json:"user_id"`
	ClientID             string `json:"client_id"`
	BackChannelLogoutURI string `json:"back_channel_logout_uri"`
}

// Payload implements eventstore.Command.
func (e *BackChannelLogoutRegisteredEvent) Payload() any {
	return e
}

func (e *BackChannelLogoutRegisteredEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
	return nil
}

func (e *BackChannelLogoutRegisteredEvent) SetBaseEvent(b *eventstore.BaseEvent) {
	e.BaseEvent = b
}

func NewBackChannelLogoutRegisteredEvent(ctx context.Context, aggregate *eventstore.Aggregate, oidcSessionID, userID, clientID, backChannelLogoutURI string) *BackChannelLogoutRegisteredEvent {
	return &BackChannelLogoutRegisteredEvent{
		BaseEvent: eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			BackChannelLogoutRegisteredType,
		),
		OIDCSessionID:        oidcSessionID,
		UserID:               userID,
		ClientID:             clientID,
		BackChannelLogoutURI: backChannelLogoutURI,
	}
}

type BackChannelLogoutSentEvent struct {
	eventstore.BaseEvent `json:"-"`

	OIDCSessionID string `json:"oidc_session_id"`
}

func (e *BackChannelLogoutSentEvent) Payload() interface{} {
	return e
}

func (e *BackChannelLogoutSentEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
	return nil
}

func (e *BackChannelLogoutSentEvent) SetBaseEvent(event *eventstore.BaseEvent) {
	e.BaseEvent = *event
}

func NewBackChannelLogoutSentEvent(ctx context.Context, aggregate *eventstore.Aggregate, oidcSessionID string) *BackChannelLogoutSentEvent {
	return &BackChannelLogoutSentEvent{
		BaseEvent: *eventstore.NewBaseEventForPush(
			ctx,
			aggregate,
			BackChannelLogoutSentType,
		),
		OIDCSessionID: oidcSessionID,
	}
}
feat(OIDC): add back channel logout (#8837) # Which Problems Are Solved Currently ZITADEL supports RP-initiated logout for clients. Back-channel logout ensures that user sessions are terminated across all connected applications, even if the user closes their browser or loses connectivity providing a more secure alternative for certain use cases. # How the Problems Are Solved If the feature is activated and the client used for the authentication has a back_channel_logout_uri configured, a `session_logout.back_channel` will be registered. Once a user terminates their session, a (notification) handler will send a SET (form POST) to the registered uri containing a logout_token (with the user's ID and session ID). - A new feature "back_channel_logout" is added on system and instance level - A `back_channel_logout_uri` can be managed on OIDC applications - Added a `session_logout` aggregate to register and inform about sent `back_channel` notifications - Added a `SecurityEventToken` channel and `Form`message type in the notification handlers - Added `TriggeredAtOrigin` fields to `HumanSignedOut` and `TerminateSession` events for notification handling - Exported various functions and types in the `oidc` package to be able to reuse for token signing in the back_channel notifier. - To prevent that current existing session termination events will be handled, a setup step is added to set the `current_states` for the `projections.notifications_back_channel_logout` to the current position - [x] requires https://github.com/zitadel/oidc/pull/671 # Additional Changes - Updated all OTEL dependencies to v1.29.0, since OIDC already updated some of them to that version. - Single Session Termination feature is correctly checked (fixed feature mapping) # Additional Context - closes https://github.com/zitadel/zitadel/issues/8467 - TODO: - Documentation - UI to be done: https://github.com/zitadel/zitadel/issues/8469 --------- Co-authored-by: Hidde Wieringa <hidde@hiddewieringa.nl> 2024-10-31 14:57:17 +00:00			`package sessionlogout`

			`import (`
			`"context"`

			`"github.com/zitadel/zitadel/internal/eventstore"`
			`)`

			`const (`
			`eventTypePrefix = "session_logout."`
			`backChannelEventTypePrefix = eventTypePrefix + "back_channel."`
			`BackChannelLogoutRegisteredType = backChannelEventTypePrefix + "registered"`
			`BackChannelLogoutSentType = backChannelEventTypePrefix + "sent"`
			`)`

			`type BackChannelLogoutRegisteredEvent struct {`
			*eventstore.BaseEvent `json:"-"`

			OIDCSessionID string `json:"oidc_session_id"`
			UserID string `json:"user_id"`
			ClientID string `json:"client_id"`
			BackChannelLogoutURI string `json:"back_channel_logout_uri"`
			`}`

			`// Payload implements eventstore.Command.`
			`func (e *BackChannelLogoutRegisteredEvent) Payload() any {`
			`return e`
			`}`

			`func (e BackChannelLogoutRegisteredEvent) UniqueConstraints() []eventstore.UniqueConstraint {`
			`return nil`
			`}`

			`func (e BackChannelLogoutRegisteredEvent) SetBaseEvent(b eventstore.BaseEvent) {`
			`e.BaseEvent = b`
			`}`

			`func NewBackChannelLogoutRegisteredEvent(ctx context.Context, aggregate eventstore.Aggregate, oidcSessionID, userID, clientID, backChannelLogoutURI string) BackChannelLogoutRegisteredEvent {`
			`return &BackChannelLogoutRegisteredEvent{`
			`BaseEvent: eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`BackChannelLogoutRegisteredType,`
			`),`
			`OIDCSessionID: oidcSessionID,`
			`UserID: userID,`
			`ClientID: clientID,`
			`BackChannelLogoutURI: backChannelLogoutURI,`
			`}`
			`}`

			`type BackChannelLogoutSentEvent struct {`
			eventstore.BaseEvent `json:"-"`

			OIDCSessionID string `json:"oidc_session_id"`
			`}`

			`func (e *BackChannelLogoutSentEvent) Payload() interface{} {`
			`return e`
			`}`

			`func (e BackChannelLogoutSentEvent) UniqueConstraints() []eventstore.UniqueConstraint {`
			`return nil`
			`}`

			`func (e BackChannelLogoutSentEvent) SetBaseEvent(event eventstore.BaseEvent) {`
			`e.BaseEvent = *event`
			`}`

			`func NewBackChannelLogoutSentEvent(ctx context.Context, aggregate eventstore.Aggregate, oidcSessionID string) BackChannelLogoutSentEvent {`
			`return &BackChannelLogoutSentEvent{`
			`BaseEvent: *eventstore.NewBaseEventForPush(`
			`ctx,`
			`aggregate,`
			`BackChannelLogoutSentType,`
			`),`
			`OIDCSessionID: oidcSessionID,`
			`}`
			`}`