fix: provide more information in the retrieve idp information (#5927)

* fix: provide more information in the retrieve idp information * change raw_information to proto struct * change unmarshal * improve description
2025-08-12 07:57:32 +00:00 · 2023-06-20 14:39:50 +02:00
parent 83da9cada7
commit 1017568cf1
9 changed files with 169 additions and 52 deletions
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -6,6 +6,7 @@ import (
 	"io"

 	"golang.org/x/text/language"
+	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/zitadel/zitadel/internal/api/authz"
@@ -64,8 +65,8 @@ func addUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman,
 	for i, link := range req.GetIdpLinks() {
 		links[i] = &command.AddLink{
 			IDPID:         link.GetIdpId(),
-			IDPExternalID: link.GetIdpExternalId(),
-			DisplayName:   link.GetDisplayName(),
+			IDPExternalID: link.GetUserId(),
+			DisplayName:   link.GetUserName(),
 		}
 	}
 	return &command.AddHuman{
@@ -124,8 +125,8 @@ func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_
 	orgID := authz.GetCtxData(ctx).OrgID
 	details, err := s.command.AddUserIDPLink(ctx, req.UserId, orgID, &domain.UserIDPLink{
 		IDPConfigID:    req.GetIdpLink().GetIdpId(),
-		ExternalUserID: req.GetIdpLink().GetIdpExternalId(),
-		DisplayName:    req.GetIdpLink().GetDisplayName(),
+		ExternalUserID: req.GetIdpLink().GetUserId(),
+		DisplayName:    req.GetIdpLink().GetUserName(),
 	})
 	if err != nil {
 		return nil, err
@@ -176,6 +177,12 @@ func intentToIDPInformationPb(intent *command.IDPIntentWriteModel, alg crypto.En
 			return nil, err
 		}
 	}
+	rawInformation := new(structpb.Struct)
+	err = rawInformation.UnmarshalJSON(intent.IDPUser)
+	if err != nil {
+		return nil, err
+	}
+
 	return &user.RetrieveIdentityProviderInformationResponse{
 		Details: &object_pb.Details{
 			Sequence:      intent.ProcessedSequence,
@@ -189,7 +196,10 @@ func intentToIDPInformationPb(intent *command.IDPIntentWriteModel, alg crypto.En
 					IdToken:     idToken,
 				},
 			},
-			IdpInformation: intent.IDPUser,
+			IdpId:          intent.IDPID,
+			UserId:         intent.IDPUserID,
+			UserName:       intent.IDPUserName,
+			RawInformation: rawInformation,
 		},
 	}, nil
 }
--- a/internal/api/grpc/user/v2/user_integration_test.go
+++ b/internal/api/grpc/user/v2/user_integration_test.go
@@ -15,11 +15,13 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"golang.org/x/oauth2"
+	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/api/grpc"
 	"github.com/zitadel/zitadel/internal/command"
-	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
+	openid "github.com/zitadel/zitadel/internal/idp/providers/oidc"
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/internal/repository/idp"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
@@ -81,12 +83,15 @@ func createSuccessfulIntent(t *testing.T, idpID string) (string, string, time.Ti
 	intentID := createIntent(t, idpID)
 	writeModel, err := Tester.Commands.GetIntentWriteModel(ctx, intentID, Tester.Organisation.ID)
 	require.NoError(t, err)
-	idpUser := &oauth.UserMapper{
-		RawInfo: map[string]interface{}{
-			"id": "id",
+	idpUser := openid.NewUser(
+		&oidc.UserInfo{
+			Subject: "id",
+			UserInfoProfile: oidc.UserInfoProfile{
+				PreferredUsername: "username",
+			},
 		},
-	}
-	idpSession := &oauth.Session{
+	)
+	idpSession := &openid.Session{
 		Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
 			Token: &oauth2.Token{
 				AccessToken: "accessToken",
@@ -386,9 +391,9 @@ func TestServer_AddHumanUser(t *testing.T) {
 					},
 					IdpLinks: []*user.IDPLink{
 						{
-							IdpId:         "idpID",
-							IdpExternalId: "externalID",
-							DisplayName:   "displayName",
+							IdpId:    "idpID",
+							UserId:   "userID",
+							UserName: "username",
 						},
 					},
 				},
@@ -433,9 +438,9 @@ func TestServer_AddHumanUser(t *testing.T) {
 					},
 					IdpLinks: []*user.IDPLink{
 						{
-							IdpId:         idpID,
-							IdpExternalId: "externalID",
-							DisplayName:   "displayName",
+							IdpId:    idpID,
+							UserId:   "userID",
+							UserName: "username",
 						},
 					},
 				},
@@ -495,9 +500,9 @@ func TestServer_AddIDPLink(t *testing.T) {
 				&user.AddIDPLinkRequest{
 					UserId: "userID",
 					IdpLink: &user.IDPLink{
-						IdpId:         idpID,
-						IdpExternalId: "externalID",
-						DisplayName:   "displayName",
+						IdpId:    idpID,
+						UserId:   "userID",
+						UserName: "username",
 					},
 				},
 			},
@@ -511,9 +516,9 @@ func TestServer_AddIDPLink(t *testing.T) {
 				&user.AddIDPLinkRequest{
 					UserId: Tester.Users[integration.OrgOwner].ID,
 					IdpLink: &user.IDPLink{
-						IdpId:         "idpID",
-						IdpExternalId: "externalID",
-						DisplayName:   "displayName",
+						IdpId:    "idpID",
+						UserId:   "userID",
+						UserName: "username",
 					},
 				},
 			},
@@ -527,9 +532,9 @@ func TestServer_AddIDPLink(t *testing.T) {
 				&user.AddIDPLinkRequest{
 					UserId: Tester.Users[integration.OrgOwner].ID,
 					IdpLink: &user.IDPLink{
-						IdpId:         idpID,
-						IdpExternalId: "externalID",
-						DisplayName:   "displayName",
+						IdpId:    idpID,
+						UserId:   "userID",
+						UserName: "username",
 					},
 				},
 			},
@@ -678,7 +683,17 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 							IdToken:     gu.Ptr("idToken"),
 						},
 					},
-					IdpInformation: []byte(`{"RawInfo":{"id":"id"}}`),
+					IdpId:    idpID,
+					UserId:   "id",
+					UserName: "username",
+					RawInformation: func() *structpb.Struct {
+						s, err := structpb.NewStruct(map[string]interface{}{
+							"sub":                "id",
+							"preferred_username": "username",
+						})
+						require.NoError(t, err)
+						return s
+					}(),
 				},
 			},
 			wantErr: false,
@@ -693,8 +708,7 @@ func TestServer_RetrieveIdentityProviderInformation(t *testing.T) {
 				require.NoError(t, err)
 			}

-			require.Equal(t, tt.want.GetDetails(), got.GetDetails())
-			require.Equal(t, tt.want.GetIdpInformation(), got.GetIdpInformation())
+			grpc.AllFieldsEqual(t, got.ProtoReflect(), tt.want.ProtoReflect(), grpc.CustomMappers)
 		})
 	}
 }
--- a/internal/api/grpc/user/v2/user_test.go
+++ b/internal/api/grpc/user/v2/user_test.go
@@ -9,6 +9,8 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/zitadel/zitadel/internal/api/grpc"
@@ -21,6 +23,8 @@ import (
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
 )

+var ignoreTypes = []protoreflect.FullName{"google.protobuf.Duration", "google.protobuf.Struct"}
+
 func Test_hashedPasswordToCommand(t *testing.T) {
 	type args struct {
 		hashed *user.HashedPassword
@@ -128,8 +132,10 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 						InstanceID:        "instanceID",
 						ChangeDate:        time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local),
 					},
-					IDPID:   "idpID",
-					IDPUser: []byte(`{"id": "id"}`),
+					IDPID:       "idpID",
+					IDPUser:     []byte(`{"userID": "idpUserID", "username": "username"}`),
+					IDPUserID:   "idpUserID",
+					IDPUserName: "username",
 					IDPAccessToken: &crypto.CryptoValue{
 						CryptoType: crypto.TypeEncryption,
 						Algorithm:  "enc",
@@ -158,8 +164,10 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 						InstanceID:        "instanceID",
 						ChangeDate:        time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local),
 					},
-					IDPID:   "idpID",
-					IDPUser: []byte(`{"id": "id"}`),
+					IDPID:       "idpID",
+					IDPUser:     []byte(`{"userID": "idpUserID", "username": "username"}`),
+					IDPUserID:   "idpUserID",
+					IDPUserName: "username",
 					IDPAccessToken: &crypto.CryptoValue{
 						CryptoType: crypto.TypeEncryption,
 						Algorithm:  "enc",
@@ -184,8 +192,19 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 							Oauth: &user.IDPOAuthAccessInformation{
 								AccessToken: "accessToken",
 								IdToken:     gu.Ptr("idToken"),
-							}},
-						IdpInformation: []byte(`{"id": "id"}`),
+							},
+						},
+						IdpId:    "idpID",
+						UserId:   "idpUserID",
+						UserName: "username",
+						RawInformation: func() *structpb.Struct {
+							s, err := structpb.NewStruct(map[string]interface{}{
+								"userID":   "idpUserID",
+								"username": "username",
+							})
+							require.NoError(t, err)
+							return s
+						}(),
 					},
 				},
 				err: nil,
@@ -196,9 +215,9 @@ func Test_intentToIDPInformationPb(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := intentToIDPInformationPb(tt.args.intent, tt.args.alg)
 			require.ErrorIs(t, err, tt.res.err)
-			assert.Equal(t, tt.res.resp, got)
+			grpc.AllFieldsEqual(t, got.ProtoReflect(), tt.res.resp.ProtoReflect(), grpc.CustomMappers)
 			if tt.res.resp != nil {
-				grpc.AllFieldsSet(t, got.ProtoReflect())
+				grpc.AllFieldsSet(t, got.ProtoReflect(), ignoreTypes...)
 			}
 		})
 	}