feat(api): add OIDC session service (#6157)

This PR starts the OIDC implementation for the API V2 including the Implicit and Code Flow. Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-12-05 09:42:04 +00:00 · 2023-07-10 15:27:00 +02:00
parent be1fe36776
commit 14b8cf4894
69 changed files with 5948 additions and 106 deletions
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -19,6 +19,7 @@ import (
 	"github.com/zitadel/zitadel/pkg/grpc/admin"
 	mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
+	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2alpha"
 	session "github.com/zitadel/zitadel/pkg/grpc/session/v2alpha"
 	"github.com/zitadel/zitadel/pkg/grpc/system"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
@@ -30,6 +31,7 @@ type Client struct {
 	Mgmt      mgmt.ManagementServiceClient
 	UserV2    user.UserServiceClient
 	SessionV2 session.SessionServiceClient
+	OIDCv2    oidc_pb.OIDCServiceClient
 	System    system.SystemServiceClient
 }

@@ -40,6 +42,7 @@ func newClient(cc *grpc.ClientConn) Client {
 		Mgmt:      mgmt.NewManagementServiceClient(cc),
 		UserV2:    user.NewUserServiceClient(cc),
 		SessionV2: session.NewSessionServiceClient(cc),
+		OIDCv2:    oidc_pb.NewOIDCServiceClient(cc),
 		System:    system.NewSystemServiceClient(cc),
 	}
 }
@@ -62,11 +65,9 @@ func (t *Tester) UseIsolatedInstance(iamOwnerCtx, systemCtx context.Context) (pr
 	}
 	t.createClientConn(iamOwnerCtx, grpc.WithAuthority(primaryDomain))
 	instanceId = instance.GetInstanceId()
-	t.Users[instanceId] = map[UserType]User{
-		IAMOwner: {
-			Token: instance.GetPat(),
-		},
-	}
+	t.Users.Set(instanceId, IAMOwner, &User{
+		Token: instance.GetPat(),
+	})
 	return primaryDomain, instanceId, t.WithInstanceAuthorization(iamOwnerCtx, IAMOwner, instanceId)
 }

@@ -187,3 +188,34 @@ func (s *Tester) CreateSuccessfulIntent(t *testing.T, idpID, userID, idpUserID s
 	require.NoError(t, err)
 	return intentID, token, writeModel.ChangeDate, writeModel.ProcessedSequence
 }
+
+func (s *Tester) CreatePasskeySession(t *testing.T, ctx context.Context, userID string) (id, token string, start, change time.Time) {
+	createResp, err := s.Client.SessionV2.CreateSession(ctx, &session.CreateSessionRequest{
+		Checks: &session.Checks{
+			User: &session.CheckUser{
+				Search: &session.CheckUser_UserId{UserId: userID},
+			},
+		},
+		Challenges: []session.ChallengeKind{
+			session.ChallengeKind_CHALLENGE_KIND_PASSKEY,
+		},
+		Domain: s.Config.ExternalDomain,
+	})
+	require.NoError(t, err)
+
+	assertion, err := s.WebAuthN.CreateAssertionResponse(createResp.GetChallenges().GetPasskey().GetPublicKeyCredentialRequestOptions())
+	require.NoError(t, err)
+
+	updateResp, err := s.Client.SessionV2.SetSession(ctx, &session.SetSessionRequest{
+		SessionId:    createResp.GetSessionId(),
+		SessionToken: createResp.GetSessionToken(),
+		Checks: &session.Checks{
+			Passkey: &session.CheckPasskey{
+				CredentialAssertionData: assertion,
+			},
+		},
+	})
+	require.NoError(t, err)
+	return createResp.GetSessionId(), updateResp.GetSessionToken(),
+		createResp.GetDetails().GetChangeDate().AsTime(), updateResp.GetDetails().GetChangeDate().AsTime()
+}