zitadel/internal/domain/request.go

package domain

const (
	OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"
	OrgIDScope            = "urn:zitadel:iam:org:id:"
	OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"
	OrgIDClaim            = "urn:zitadel:iam:org:id"
	ProjectIDScope        = "urn:zitadel:iam:org:project:id:"
	ProjectIDScopeZITADEL = "zitadel"
	AudSuffix             = ":aud"
	SelectIDPScope        = "urn:zitadel:iam:org:idp:id:"
)

// TODO: Change AuthRequest to interface and let oidcauthreqesut implement it
type Request interface {
	Type() AuthRequestType
	IsValid() bool
}

type AuthRequestType int32

const (
	AuthRequestTypeOIDC AuthRequestType = iota
	AuthRequestTypeSAML
	AuthRequestTypeDevice
)

type AuthRequestOIDC struct {
	Scopes        []string
	ResponseType  OIDCResponseType
	Nonce         string
	CodeChallenge *OIDCCodeChallenge
}

func (a *AuthRequestOIDC) Type() AuthRequestType {
	return AuthRequestTypeOIDC
}

func (a *AuthRequestOIDC) IsValid() bool {
	return len(a.Scopes) > 0 &&
		a.CodeChallenge == nil || a.CodeChallenge != nil && a.CodeChallenge.IsValid()
}

type AuthRequestSAML struct {
	ID          string
	BindingType string
	Code        string
	Issuer      string
	IssuerName  string
	Destination string
}

func (a *AuthRequestSAML) Type() AuthRequestType {
	return AuthRequestTypeSAML
}

func (a *AuthRequestSAML) IsValid() bool {
	return true
}

type AuthRequestDevice struct {
	ClientID   string
	DeviceCode string
	UserCode   string
	Scopes     []string
}

func (*AuthRequestDevice) Type() AuthRequestType {
	return AuthRequestTypeDevice
}

func (a *AuthRequestDevice) IsValid() bool {
	return a.DeviceCode != "" && a.UserCode != ""
}
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`package domain`

			`const (`
			`OrgDomainPrimaryScope = "urn:zitadel:iam:org:domain:primary:"`
feat: restrict login to specific org by id (scope) (#4294) * feat: add new org scope * change default of UserLoginMustBeDomain to false * return resource owner claims * fix: use email style for first user * fix: ensure email style for default users (backwards compatibility) * change to external domain (as it was before UserLoginMustBeDomain change) * update e2e tests to use email style usernames * document new scope * lint e2e Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-09-23 12:08:10 +00:00			`OrgIDScope = "urn:zitadel:iam:org:id:"`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`OrgDomainPrimaryClaim = "urn:zitadel:iam:org:domain:primary"`
feat: restrict login to specific org by id (scope) (#4294) * feat: add new org scope * change default of UserLoginMustBeDomain to false * return resource owner claims * fix: use email style for first user * fix: ensure email style for default users (backwards compatibility) * change to external domain (as it was before UserLoginMustBeDomain change) * update e2e tests to use email style usernames * document new scope * lint e2e Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-09-23 12:08:10 +00:00			`OrgIDClaim = "urn:zitadel:iam:org:id"`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`ProjectIDScope = "urn:zitadel:iam:org:project:id:"`
feat: add ZITADEL project id scope (#4146) * feat: add ZITADEL project id scope * update documentation * documentation * fix scopes * change to lowercase 2022-08-09 07:45:59 +00:00			`ProjectIDScopeZITADEL = "zitadel"`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`AudSuffix = ":aud"`
fix: change to repository event types and removed unused code (#3386) * fix: change to repository event types and removed unused code * some fixes * remove unused code 2022-03-31 09:36:26 +00:00			`SelectIDPScope = "urn:zitadel:iam:org:idp:id:"`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`)`

feat: instance remove (#4345) * feat(instance): add remove instance event with projections cleanup * fix(instance): corrected used id to clean up projections * fix merge * fix: correct unit test projection names * fix: current sequence of lists and query for ensuring keypair based projections Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-10-20 12:36:52 +00:00			`// TODO: Change AuthRequest to interface and let oidcauthreqesut implement it`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`type Request interface {`
			`Type() AuthRequestType`
			`IsValid() bool`
			`}`

			`type AuthRequestType int32`

			`const (`
			`AuthRequestTypeOIDC AuthRequestType = iota`
			`AuthRequestTypeSAML`
feat: device authorization RFC 8628 (#5646) * device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-19 08:46:02 +00:00			`AuthRequestTypeDevice`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`)`

			`type AuthRequestOIDC struct {`
			`Scopes []string`
			`ResponseType OIDCResponseType`
			`Nonce string`
			`CodeChallenge *OIDCCodeChallenge`
			`}`

			`func (a *AuthRequestOIDC) Type() AuthRequestType {`
			`return AuthRequestTypeOIDC`
			`}`

			`func (a *AuthRequestOIDC) IsValid() bool {`
			`return len(a.Scopes) > 0 &&`
			`a.CodeChallenge == nil \|\| a.CodeChallenge != nil && a.CodeChallenge.IsValid()`
			`}`

			`type AuthRequestSAML struct {`
feat(saml): implementation of saml for ZITADEL v2 (#3618) 2022-09-12 16:18:08 +00:00			`ID string`
			`BindingType string`
			`Code string`
			`Issuer string`
			`IssuerName string`
			`Destination string`
feat: User login commands (#1228) * feat: change login to command side * feat: change login to command side * fix: fix push on user * feat: user command side * feat: sign out * feat: command side login * feat: command side login * feat: fix register user * feat: fix register user * feat: fix web auth n events * feat: add machine keys * feat: send codes * feat: move authrequest to domain * feat: move authrequest to domain * feat: webauthn working * feat: external users * feat: external users login * feat: notify users * fix: tests * feat: cascade remove user grants on project remove * fix: webauthn * fix: pr requests * fix: register human with member * fix: fix bugs * fix: fix bugs 2021-02-08 10:30:30 +00:00			`}`

			`func (a *AuthRequestSAML) Type() AuthRequestType {`
			`return AuthRequestTypeSAML`
			`}`

			`func (a *AuthRequestSAML) IsValid() bool {`
			`return true`
			`}`
feat: device authorization RFC 8628 (#5646) * device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-19 08:46:02 +00:00
			`type AuthRequestDevice struct {`
feat(oidc): id token for device authorization (#7088) * cleanup todo * pass id token details to oidc * feat(oidc): id token for device authorization This changes updates to the newest oidc version, so the Device Authorization grant can return ID tokens when the scope `openid` is set. There is also some refactoring done, so that the eventstore can be queried directly when polling for state. The projection is cleaned up to a minimum with only data required for the login UI. * try to be explicit wit hthe timezone to fix github * pin oidc v3.8.0 * remove TBD entry 2023-12-20 12:21:08 +00:00			`ClientID string`
feat: device authorization RFC 8628 (#5646) * device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-19 08:46:02 +00:00			`DeviceCode string`
			`UserCode string`
			`Scopes []string`
			`}`

			`func (*AuthRequestDevice) Type() AuthRequestType {`
			`return AuthRequestTypeDevice`
			`}`

			`func (a *AuthRequestDevice) IsValid() bool {`
feat(oidc): id token for device authorization (#7088) * cleanup todo * pass id token details to oidc * feat(oidc): id token for device authorization This changes updates to the newest oidc version, so the Device Authorization grant can return ID tokens when the scope `openid` is set. There is also some refactoring done, so that the eventstore can be queried directly when polling for state. The projection is cleaned up to a minimum with only data required for the login UI. * try to be explicit wit hthe timezone to fix github * pin oidc v3.8.0 * remove TBD entry 2023-12-20 12:21:08 +00:00			`return a.DeviceCode != "" && a.UserCode != ""`
feat: device authorization RFC 8628 (#5646) * device auth: implement the write events * add grant type device code * fix(init): check if default value implements stringer --------- Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2023-04-19 08:46:02 +00:00			`}`