refactor(v2): init events (#7823)

creates events structures for initial projections and read models

internal/v2/user/aggregate.go

@@ -0,0 +1,23 @@
+package user
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+)
+
+const (
+	AggregateType = "user"
+	humanPrefix   = AggregateType + ".human"
+	machinePrefix = AggregateType + ".machine"
+)
+
+func NewAggregate(ctx context.Context, id string) *eventstore.Aggregate {
+	return &eventstore.Aggregate{
+		ID:       id,
+		Type:     AggregateType,
+		Instance: authz.GetInstance(ctx).InstanceID(),
+		Owner:    authz.GetCtxData(ctx).OrgID,
+	}
+}

internal/v2/user/domain_claimed.go

@@ -0,0 +1,38 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type domainClaimedPayload struct {
+	Username          string `json:"userName"`
+	TriggeredAtOrigin string `json:"triggerOrigin,omitempty"`
+}
+
+type DomainClaimedEvent eventstore.Event[domainClaimedPayload]
+
+const DomainClaimedType = AggregateType + ".domain.claimed.sent"
+
+var _ eventstore.TypeChecker = (*DomainClaimedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *DomainClaimedEvent) ActionType() string {
+	return DomainClaimedType
+}
+
+func DomainClaimedEventFromStorage(event *eventstore.StorageEvent) (e *DomainClaimedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-x8O4o", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[domainClaimedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &DomainClaimedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_added.go

@@ -0,0 +1,57 @@
+package user
+
+import (
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const HumanAddedType = AggregateType + ".human.added"
+
+type humanAddedPayload struct {
+	Username string `json:"userName"`
+
+	FirstName         string        `json:"firstName,omitempty"`
+	LastName          string        `json:"lastName,omitempty"`
+	NickName          string        `json:"nickName,omitempty"`
+	DisplayName       string        `json:"displayName,omitempty"`
+	PreferredLanguage language.Tag  `json:"preferredLanguage,omitempty"`
+	Gender            domain.Gender `json:"gender,omitempty"`
+
+	EmailAddress domain.EmailAddress `json:"email,omitempty"`
+	PhoneNumber  domain.PhoneNumber  `json:"phone,omitempty"`
+
+	// New events only use EncodedHash. However, the secret field
+	// is preserved to handle events older than the switch to Passwap.
+	Secret                 *crypto.CryptoValue `json:"secret,omitempty"`
+	EncodedHash            string              `json:"encodedHash,omitempty"`
+	PasswordChangeRequired bool                `json:"changeRequired,omitempty"`
+}
+
+type HumanAddedEvent eventstore.Event[humanAddedPayload]
+
+var _ eventstore.TypeChecker = (*HumanAddedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanAddedEvent) ActionType() string {
+	return HumanAddedType
+}
+
+func HumanAddedEventFromStorage(event *eventstore.StorageEvent) (e *HumanAddedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-MRZ3p", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanAddedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanAddedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_avatar.go

@@ -0,0 +1,61 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/avatar"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type HumanAvatarAddedEvent eventstore.Event[avatar.AddedPayload]
+
+const HumanAvatarAddedType = humanPrefix + avatar.AvatarAddedTypeSuffix
+
+var _ eventstore.TypeChecker = (*HumanAvatarAddedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanAvatarAddedEvent) ActionType() string {
+	return HumanAvatarAddedType
+}
+
+func HumanAvatarAddedEventFromStorage(event *eventstore.StorageEvent) (e *HumanAvatarAddedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-ddQaI", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[avatar.AddedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanAvatarAddedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}
+
+type HumanAvatarRemovedEvent eventstore.Event[avatar.RemovedPayload]
+
+const HumanAvatarRemovedType = humanPrefix + avatar.AvatarRemovedTypeSuffix
+
+var _ eventstore.TypeChecker = (*HumanAvatarRemovedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanAvatarRemovedEvent) ActionType() string {
+	return HumanAvatarRemovedType
+}
+
+func HumanAvatarRemovedEventFromStorage(event *eventstore.StorageEvent) (e *HumanAvatarRemovedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-j2CkY", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[avatar.RemovedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanAvatarRemovedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_email_changed.go

@@ -0,0 +1,38 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanEmailChangedPayload struct {
+	Address domain.EmailAddress `json:"email,omitempty"`
+}
+
+type HumanEmailChangedEvent eventstore.Event[humanEmailChangedPayload]
+
+const HumanEmailChangedType = humanPrefix + ".email.changed"
+
+var _ eventstore.TypeChecker = (*HumanEmailChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanEmailChangedEvent) ActionType() string {
+	return HumanEmailChangedType
+}
+
+func HumanEmailChangedEventFromStorage(event *eventstore.StorageEvent) (e *HumanEmailChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-Wr2lR", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanEmailChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanEmailChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_email_verified.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type HumanEmailVerifiedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const HumanEmailVerifiedType = humanPrefix + ".email.verified"
+
+var _ eventstore.TypeChecker = (*HumanEmailVerifiedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanEmailVerifiedEvent) ActionType() string {
+	return HumanEmailVerifiedType
+}
+
+func HumanEmailVerifiedEventFromStorage(event *eventstore.StorageEvent) (e *HumanEmailVerifiedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-X3esB", "Errors.Invalid.Event.Type")
+	}
+
+	return &HumanEmailVerifiedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/human_init_code_added.go

@@ -0,0 +1,43 @@
+package user
+
+import (
+	"time"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanInitCodeAddedPayload struct {
+	Code              *crypto.CryptoValue `json:"code,omitempty"`
+	Expiry            time.Duration       `json:"expiry,omitempty"`
+	TriggeredAtOrigin string              `json:"triggerOrigin,omitempty"`
+	AuthRequestID     string              `json:"authRequestID,omitempty"`
+}
+
+type HumanInitCodeAddedEvent eventstore.Event[humanInitCodeAddedPayload]
+
+const HumanInitCodeAddedType = humanPrefix + ".initialization.code.added"
+
+var _ eventstore.TypeChecker = (*HumanInitCodeAddedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanInitCodeAddedEvent) ActionType() string {
+	return HumanInitCodeAddedType
+}
+
+func HumanInitCodeAddedEventFromStorage(event *eventstore.StorageEvent) (e *HumanInitCodeAddedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-XaGf6", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanInitCodeAddedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanInitCodeAddedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_init_code_succeeded.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type HumanInitCodeSucceededEvent eventstore.Event[eventstore.EmptyPayload]
+
+const HumanInitCodeSucceededType = humanPrefix + ".initialization.check.succeeded"
+
+var _ eventstore.TypeChecker = (*HumanInitCodeSucceededEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanInitCodeSucceededEvent) ActionType() string {
+	return HumanInitCodeSucceededType
+}
+
+func HumanInitCodeSucceededEventFromStorage(event *eventstore.StorageEvent) (e *HumanInitCodeSucceededEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-12A5m", "Errors.Invalid.Event.Type")
+	}
+
+	return &HumanInitCodeSucceededEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/human_password_changed.go

@@ -0,0 +1,44 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanPasswordChangedPayload struct {
+	// New events only use EncodedHash. However, the secret field
+	// is preserved to handle events older than the switch to Passwap.
+	Secret            *crypto.CryptoValue `json:"secret,omitempty"`
+	EncodedHash       string              `json:"encodedHash,omitempty"`
+	ChangeRequired    bool                `json:"changeRequired"`
+	UserAgentID       string              `json:"userAgentID,omitempty"`
+	TriggeredAtOrigin string              `json:"triggerOrigin,omitempty"`
+}
+
+type HumanPasswordChangedEvent eventstore.Event[humanPasswordChangedPayload]
+
+const HumanPasswordChangedType = humanPrefix + ".password.changed"
+
+var _ eventstore.TypeChecker = (*HumanPasswordChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanPasswordChangedEvent) ActionType() string {
+	return HumanPasswordChangedType
+}
+
+func HumanPasswordChangedEventFromStorage(event *eventstore.StorageEvent) (e *HumanPasswordChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-Fx5tr", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanPasswordChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPasswordChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_phone_changed.go

@@ -0,0 +1,38 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanPhoneChangedPayload struct {
+	PhoneNumber domain.PhoneNumber `json:"phone,omitempty"`
+}
+
+type HumanPhoneChangedEvent eventstore.Event[humanPhoneChangedPayload]
+
+const HumanPhoneChangedType = humanPrefix + ".phone.changed"
+
+var _ eventstore.TypeChecker = (*HumanPhoneChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanPhoneChangedEvent) ActionType() string {
+	return HumanPhoneChangedType
+}
+
+func HumanPhoneChangedEventFromStorage(event *eventstore.StorageEvent) (e *HumanPhoneChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-d6hGS", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanPhoneChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanPhoneChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_phone_removed.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type HumanPhoneRemovedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const HumanPhoneRemovedType = humanPrefix + ".phone.removed"
+
+var _ eventstore.TypeChecker = (*HumanPhoneRemovedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanPhoneRemovedEvent) ActionType() string {
+	return HumanPhoneRemovedType
+}
+
+func HumanPhoneRemovedEventFromStorage(event *eventstore.StorageEvent) (e *HumanPhoneRemovedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-vaD75", "Errors.Invalid.Event.Type")
+	}
+
+	return &HumanPhoneRemovedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/human_phone_verified.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type HumanPhoneVerifiedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const HumanPhoneVerifiedType = humanPrefix + ".phone.removed"
+
+var _ eventstore.TypeChecker = (*HumanPhoneVerifiedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanPhoneVerifiedEvent) ActionType() string {
+	return HumanPhoneVerifiedType
+}
+
+func HumanPhoneVerifiedEventFromStorage(event *eventstore.StorageEvent) (e *HumanPhoneVerifiedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-ycRBi", "Errors.Invalid.Event.Type")
+	}
+
+	return &HumanPhoneVerifiedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/human_profile_changed.go

@@ -0,0 +1,45 @@
+package user
+
+import (
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanProfileChangedPayload struct {
+	FirstName         string         `json:"firstName,omitempty"`
+	LastName          string         `json:"lastName,omitempty"`
+	NickName          *string        `json:"nickName,omitempty"`
+	DisplayName       *string        `json:"displayName,omitempty"`
+	PreferredLanguage *language.Tag  `json:"preferredLanguage,omitempty"`
+	Gender            *domain.Gender `json:"gender,omitempty"`
+}
+
+type HumanProfileChangedEvent eventstore.Event[humanProfileChangedPayload]
+
+const HumanProfileChangedType = humanPrefix + ".profile.changed"
+
+var _ eventstore.TypeChecker = (*HumanProfileChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanProfileChangedEvent) ActionType() string {
+	return HumanProfileChangedType
+}
+
+func HumanProfileChangedEventFromStorage(event *eventstore.StorageEvent) (e *HumanProfileChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-Z1aFH", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanProfileChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanProfileChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/human_registered.go

@@ -0,0 +1,55 @@
+package user
+
+import (
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type humanRegisteredPayload struct {
+	Username          string              `json:"userName"`
+	FirstName         string              `json:"firstName,omitempty"`
+	LastName          string              `json:"lastName,omitempty"`
+	NickName          string              `json:"nickName,omitempty"`
+	DisplayName       string              `json:"displayName,omitempty"`
+	PreferredLanguage language.Tag        `json:"preferredLanguage,omitempty"`
+	Gender            domain.Gender       `json:"gender,omitempty"`
+	EmailAddress      domain.EmailAddress `json:"email,omitempty"`
+	PhoneNumber       domain.PhoneNumber  `json:"phone,omitempty"`
+
+	// New events only use EncodedHash. However, the secret field
+	// is preserved to handle events older than the switch to Passwap.
+	Secret                 *crypto.CryptoValue `json:"secret,omitempty"` // legacy
+	EncodedHash            string              `json:"encodedHash,omitempty"`
+	PasswordChangeRequired bool                `json:"changeRequired,omitempty"`
+}
+
+type HumanRegisteredEvent eventstore.Event[humanRegisteredPayload]
+
+const HumanRegisteredType = humanPrefix + ".selfregistered"
+
+var _ eventstore.TypeChecker = (*HumanRegisteredEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *HumanRegisteredEvent) ActionType() string {
+	return HumanRegisteredType
+}
+
+func HumanRegisteredEventFromStorage(event *eventstore.StorageEvent) (e *HumanRegisteredEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-8HvGi", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[humanRegisteredPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HumanRegisteredEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/machine_added.go

@@ -0,0 +1,41 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type machineAddedPayload struct {
+	Username        string               `json:"userName"`
+	Name            string               `json:"name,omitempty"`
+	Description     string               `json:"description,omitempty"`
+	AccessTokenType domain.OIDCTokenType `json:"accessTokenType,omitempty"`
+}
+
+type MachineAddedEvent eventstore.Event[machineAddedPayload]
+
+const MachineAddedType = machinePrefix + ".added"
+
+var _ eventstore.TypeChecker = (*MachineAddedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *MachineAddedEvent) ActionType() string {
+	return MachineAddedType
+}
+
+func MachineAddedEventFromStorage(event *eventstore.StorageEvent) (e *MachineAddedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-WLLoW", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[machineAddedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MachineAddedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/machine_changed.go

@@ -0,0 +1,40 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type machineChangedPayload struct {
+	Name            *string               `json:"name,omitempty"`
+	Description     *string               `json:"description,omitempty"`
+	AccessTokenType *domain.OIDCTokenType `json:"accessTokenType,omitempty"`
+}
+
+type MachineChangedEvent eventstore.Event[machineChangedPayload]
+
+const MachineChangedType = machinePrefix + ".changed"
+
+var _ eventstore.TypeChecker = (*MachineChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *MachineChangedEvent) ActionType() string {
+	return MachineChangedType
+}
+
+func MachineChangedEventFromStorage(event *eventstore.StorageEvent) (e *MachineChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-JHwNs", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[machineChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MachineChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/machine_secret_hash_updated.go

@@ -0,0 +1,37 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type machineSecretHashUpdatedPayload struct {
+	HashedSecret string `json:"hashedSecret,omitempty"`
+}
+
+type MachineSecretHashUpdatedEvent eventstore.Event[machineSecretHashUpdatedPayload]
+
+const MachineSecretHashUpdatedType = machinePrefix + ".secret.updated"
+
+var _ eventstore.TypeChecker = (*MachineSecretHashUpdatedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *MachineSecretHashUpdatedEvent) ActionType() string {
+	return MachineSecretHashUpdatedType
+}
+
+func MachineSecretHashUpdatedEventFromStorage(event *eventstore.StorageEvent) (e *MachineSecretHashUpdatedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-y41RK", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[machineSecretHashUpdatedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MachineSecretHashUpdatedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/machine_secret_removed.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type MachineSecretRemovedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const MachineSecretRemovedType = machinePrefix + ".secret.removed"
+
+var _ eventstore.TypeChecker = (*MachineSecretRemovedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *MachineSecretRemovedEvent) ActionType() string {
+	return MachineSecretRemovedType
+}
+
+func MachineSecretRemovedEventFromStorage(event *eventstore.StorageEvent) (e *MachineSecretRemovedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-SMtct", "Errors.Invalid.Event.Type")
+	}
+
+	return &MachineSecretRemovedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/machine_secret_set.go

@@ -0,0 +1,41 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type machineSecretSetPayload struct {
+	// New events only use EncodedHash. However, the ClientSecret field
+	// is preserved to handle events older than the switch to Passwap.
+	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	HashedSecret string              `json:"hashedSecret,omitempty"`
+}
+
+type MachineSecretHashSetEvent eventstore.Event[machineSecretSetPayload]
+
+const MachineSecretHashSetType = machinePrefix + ".secret.set"
+
+var _ eventstore.TypeChecker = (*MachineSecretHashSetEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *MachineSecretHashSetEvent) ActionType() string {
+	return MachineSecretHashSetType
+}
+
+func MachineSecretHashSetEventFromStorage(event *eventstore.StorageEvent) (e *MachineSecretHashSetEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-DzycT", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[machineSecretSetPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MachineSecretHashSetEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/token_added.go

@@ -0,0 +1,51 @@
+package user
+
+import (
+	"time"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type tokenAddedPayload struct {
+	TokenID               string             `json:"tokenId,omitempty"`
+	ApplicationID         string             `json:"applicationId,omitempty"`
+	UserAgentID           string             `json:"userAgentId,omitempty"`
+	RefreshTokenID        string             `json:"refreshTokenID,omitempty"`
+	Audience              []string           `json:"audience,omitempty"`
+	Scopes                []string           `json:"scopes,omitempty"`
+	AuthMethodsReferences []string           `json:"authMethodsReferences,omitempty"`
+	AuthTime              time.Time          `json:"authTime,omitempty"`
+	Expiration            time.Time          `json:"expiration,omitempty"`
+	PreferredLanguage     string             `json:"preferredLanguage,omitempty"`
+	Reason                domain.TokenReason `json:"reason,omitempty"`
+	Actor                 *domain.TokenActor `json:"actor,omitempty"`
+}
+
+type TokenAddedEvent eventstore.Event[tokenAddedPayload]
+
+const TokenAddedType = AggregateType + ".token.added"
+
+var _ eventstore.TypeChecker = (*TokenAddedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *TokenAddedEvent) ActionType() string {
+	return TokenAddedType
+}
+
+func TokenAddedEventFromStorage(event *eventstore.StorageEvent) (e *TokenAddedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-0YSt4", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[tokenAddedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &TokenAddedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}

internal/v2/user/user_deactivated.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type DeactivatedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const DeactivatedType = AggregateType + ".deactivated"
+
+var _ eventstore.TypeChecker = (*DeactivatedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *DeactivatedEvent) ActionType() string {
+	return DeactivatedType
+}
+
+func DeactivatedEventFromStorage(event *eventstore.StorageEvent) (e *DeactivatedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-SBLu2", "Errors.Invalid.Event.Type")
+	}
+
+	return &DeactivatedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/user_locked.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type LockedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const LockedType = AggregateType + ".locked"
+
+var _ eventstore.TypeChecker = (*LockedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *LockedEvent) ActionType() string {
+	return LockedType
+}
+
+func LockedEventFromStorage(event *eventstore.StorageEvent) (e *LockedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-48jjE", "Errors.Invalid.Event.Type")
+	}
+
+	return &LockedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/user_reactivated.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type ReactivatedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const ReactivatedType = AggregateType + ".reactivated"
+
+var _ eventstore.TypeChecker = (*ReactivatedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *ReactivatedEvent) ActionType() string {
+	return ReactivatedType
+}
+
+func ReactivatedEventFromStorage(event *eventstore.StorageEvent) (e *ReactivatedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-B3fcY", "Errors.Invalid.Event.Type")
+	}
+
+	return &ReactivatedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/user_removed.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type RemovedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const RemovedType = AggregateType + ".removed"
+
+var _ eventstore.TypeChecker = (*RemovedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *RemovedEvent) ActionType() string {
+	return RemovedType
+}
+
+func RemovedEventFromStorage(event *eventstore.StorageEvent) (e *RemovedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-UN6Xa", "Errors.Invalid.Event.Type")
+	}
+
+	return &RemovedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/user_unlocked.go

@@ -0,0 +1,27 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type UnlockedEvent eventstore.Event[eventstore.EmptyPayload]
+
+const UnlockedType = AggregateType + ".unlocked"
+
+var _ eventstore.TypeChecker = (*UnlockedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *UnlockedEvent) ActionType() string {
+	return UnlockedType
+}
+
+func UnlockedEventFromStorage(event *eventstore.StorageEvent) (e *UnlockedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-HB0wi", "Errors.Invalid.Event.Type")
+	}
+
+	return &UnlockedEvent{
+		StorageEvent: event,
+	}, nil
+}

internal/v2/user/username_changed.go

@@ -0,0 +1,37 @@
+package user
+
+import (
+	"github.com/zitadel/zitadel/internal/v2/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type usernameChangedPayload struct {
+	Username string `json:"userName"`
+}
+
+type UsernameChangedEvent eventstore.Event[usernameChangedPayload]
+
+const UsernameChangedType = AggregateType + ".username.changed"
+
+var _ eventstore.TypeChecker = (*UsernameChangedEvent)(nil)
+
+// ActionType implements eventstore.Typer.
+func (c *UsernameChangedEvent) ActionType() string {
+	return UsernameChangedType
+}
+
+func UsernameChangedEventFromStorage(event *eventstore.StorageEvent) (e *UsernameChangedEvent, _ error) {
+	if event.Type != e.ActionType() {
+		return nil, zerrors.ThrowInvalidArgument(nil, "USER-hCGsh", "Errors.Invalid.Event.Type")
+	}
+
+	payload, err := eventstore.UnmarshalPayload[usernameChangedPayload](event.Payload)
+	if err != nil {
+		return nil, err
+	}
+
+	return &UsernameChangedEvent{
+		StorageEvent: event,
+		Payload:      payload,
+	}, nil
+}