feat(api): add OIDC session service (#6157)

This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow.


Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>

internal/api/oidc/auth_request_converter.go

@@ -12,20 +12,12 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/oidc/amr"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/user/model"
 )
 
-const (
-	// DEPRECATED: use `amrPWD` instead
-	amrPassword     = "password"
-	amrPWD          = "pwd"
-	amrMFA          = "mfa"
-	amrOTP          = "otp"
-	amrUserPresence = "user"
-)
-
 type AuthRequest struct {
 	*domain.AuthRequest
 }
@@ -40,19 +32,19 @@ func (a *AuthRequest) GetACR() string {
 }
 
 func (a *AuthRequest) GetAMR() []string {
-	amr := make([]string, 0)
+	list := make([]string, 0)
 	if a.PasswordVerified {
-		amr = append(amr, amrPassword, amrPWD)
+		list = append(list, amr.Password, amr.PWD)
 	}
 	if len(a.MFAsVerified) > 0 {
-		amr = append(amr, amrMFA)
+		list = append(list, amr.MFA)
 		for _, mfa := range a.MFAsVerified {
 			if amrMFA := AMRFromMFAType(mfa); amrMFA != "" {
-				amr = append(amr, amrMFA)
+				list = append(list, amrMFA)
 			}
 		}
 	}
-	return amr
+	return list
 }
 
 func (a *AuthRequest) GetAudience() []string {
@@ -271,10 +263,10 @@ func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChalleng
 func AMRFromMFAType(mfaType domain.MFAType) string {
 	switch mfaType {
 	case domain.MFATypeOTP:
-		return amrOTP
+		return amr.OTP
 	case domain.MFATypeU2F,
 		domain.MFATypeU2FUserVerification:
-		return amrUserPresence
+		return amr.UserPresence
 	default:
 		return ""
 	}