feat: actions v2 for functions (#9420)

# Which Problems Are Solved

Actions v2 are not executed in the various functions that actions v1 provides.

# How the Problems Are Solved

Add functionality to call actions v2 through OIDC and SAML logic to
complement tokens and SAMLResponses.

# Additional Changes

- Corrected testing for retrieved intent information
- Added testing for IDP types
- Corrected handling of context for issuer in SAML logic

# Additional Context

- Closes #7247 
- Dependent on https://github.com/zitadel/saml/pull/97
- docs for migration are done in separate issue:
https://github.com/zitadel/zitadel/issues/9456

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
This commit is contained in:
Stefan Benz
2025-03-04 12:09:30 +01:00
committed by GitHub
parent d9d8339813
commit 0c87a96e2c
29 changed files with 1964 additions and 380 deletions


@@ -152,6 +152,10 @@ func ensureMinimalScope(scopes []string) []string {
return scopes
}
func (p *Provider) User() idp.User {
return p.Provider.User()
}
// User represents the structure return on the userinfo endpoint and implements the [idp.User] interface
//
// AzureAD does not return an `email_verified` claim.
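Review bot: The new exported method `User` on `*Provider` has no doc comment, and because it sits directly above the `// User represents the structure ...` comment that documents the `User` type, a reader skimming the file can take the type's comment for the method's. Add a comment on the method itself, e.g. `// User returns the [idp.User] value produced by the wrapped Provider's User method.`, and keep a blank line between the closing brace and the type's doc comment. The `ensureMinimalScope` function whose `return scopes` opens the hunk begins outside it.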


@@ -18,7 +18,7 @@ type Provider struct {
options []rp.Option
name string
userEndpoint string
userMapper func() idp.User
user func() idp.User
isLinkingAllowed bool
isCreationAllowed bool
isAutoCreation bool
@@ -65,11 +65,11 @@ func WithRelyingPartyOption(option rp.Option) ProviderOpts {
}
// New creates a generic OAuth 2.0 provider
func New(config *oauth2.Config, name, userEndpoint string, userMapper func() idp.User, options ...ProviderOpts) (provider *Provider, err error) {
func New(config *oauth2.Config, name, userEndpoint string, user func() idp.User, options ...ProviderOpts) (provider *Provider, err error) {
provider = &Provider{
name: name,
userEndpoint: userEndpoint,
userMapper: userMapper,
user: user,
generateVerifier: oauth2.GenerateVerifier,
}
for _, option := range options {
@@ -137,3 +137,7 @@ func (p *Provider) IsAutoCreation() bool {
func (p *Provider) IsAutoUpdate() bool {
return p.isAutoUpdate
}
func (p *Provider) User() idp.User {
return p.user()
}
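Review bot: `User` at `return p.user()` invokes the constructor stored by New without checking it, so a nil `user` func passed to New now surfaces as a nil-dereference panic the first time a userinfo response is mapped rather than as an error at construction; the old `userMapper` was called the same way, but exporting the call widens who can hit it, so consider having New (its body continues past the hunk) return an error when `user == nil`. The exported method also lacks a doc comment; the neighbouring `IsAutoUpdate` has none either, but as new API a line such as `// User calls the constructor passed to New and returns the resulting [idp.User].` would help. The same rename appears in the struct-field hunk and the New-signature hunk above, where the shorter name `user` no longer conveys that the value is a factory function rather than a user.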


@@ -51,7 +51,7 @@ func (s *Session) PersistentParameters() map[string]any {
// FetchUser implements the [idp.Session] interface.
// It will execute an OAuth 2.0 code exchange if needed to retrieve the access token,
// call the specified userEndpoint and map the received information into an [idp.User].
func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
func (s *Session) FetchUser(ctx context.Context) (_ idp.User, err error) {
if s.Tokens == nil {
if err = s.authorize(ctx); err != nil {
return nil, err
@@ -62,11 +62,11 @@ func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
return nil, err
}
req.Header.Set("authorization", s.Tokens.TokenType+" "+s.Tokens.AccessToken)
mapper := s.Provider.userMapper()
if err := httphelper.HttpRequest(s.Provider.RelyingParty.HttpClient(), req, &mapper); err != nil {
user := s.Provider.User()
if err := httphelper.HttpRequest(s.Provider.RelyingParty.HttpClient(), req, &user); err != nil {
return nil, err
}
return mapper, nil
return user, nil
}
func (s *Session) authorize(ctx context.Context) (err error) {