feat(api): add OIDC session service (#6157)

This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-11 18:57:32 +00:00 · 2023-07-10 15:27:00 +02:00
parent be1fe36776
commit 14b8cf4894
69 changed files with 5948 additions and 106 deletions
--- a/internal/command/session_model.go
+++ b/internal/command/session_model.go
@@ -52,6 +52,24 @@ type SessionWriteModel struct {
 	aggregate *eventstore.Aggregate
 }

+func (wm *SessionWriteModel) IsPasswordChecked() bool {
+	return !wm.PasswordCheckedAt.IsZero()
+}
+
+func (wm *SessionWriteModel) IsPasskeyChecked() bool {
+	return !wm.PasskeyCheckedAt.IsZero()
+}
+
+func (wm *SessionWriteModel) IsU2FChecked() bool {
+	// TODO: implement with https://github.com/zitadel/zitadel/issues/5477
+	return false
+}
+
+func (wm *SessionWriteModel) IsOTPChecked() bool {
+	// TODO: implement with https://github.com/zitadel/zitadel/issues/5477
+	return false
+}
+
 func NewSessionWriteModel(sessionID string, resourceOwner string) *SessionWriteModel {
 	return &SessionWriteModel{
 		WriteModel: eventstore.WriteModel{
@@ -210,3 +228,19 @@ func (wm *SessionWriteModel) ChangeMetadata(ctx context.Context, metadata map[st
 		wm.commands = append(wm.commands, session.NewMetadataSetEvent(ctx, wm.aggregate, wm.Metadata))
 	}
 }
+
+// AuthenticationTime returns the time the user authenticated using the latest time of all checks
+func (wm *SessionWriteModel) AuthenticationTime() time.Time {
+	var authTime time.Time
+	for _, check := range []time.Time{
+		wm.PasswordCheckedAt,
+		wm.PasskeyCheckedAt,
+		wm.IntentCheckedAt,
+		// TODO: add U2F and OTP check https://github.com/zitadel/zitadel/issues/5477
+	} {
+		if check.After(authTime) {
+			authTime = check
+		}
+	}
+	return authTime
+}