fix: scim use first email or phone if no primary is set (#9236)

# Which Problems Are Solved - scim v2 only maps the primary phone/email to the zitadel user, this does not work if no primary is set # How the Problems Are Solved - the first phone / email is mapped if no primary is available # Additional Context Part of #8140 Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-12 00:47:33 +00:00 · 2025-01-29 10:18:00 +01:00
parent a59c6b9f84
commit 21f00c1e6b
3 changed files with 60 additions and 0 deletions
--- a/internal/api/scim/resources/user_mapping.go
+++ b/internal/api/scim/resources/user_mapping.go
@@ -154,6 +154,15 @@ func (h *UsersHandler) mapPrimaryEmail(scimUser *ScimUser) (command.Email, error
 		}, nil
 	}

+	// if no primary email was found, the first email will be used
+	for _, email := range scimUser.Emails {
+		email.Primary = true
+		return command.Email{
+			Address:  domain.EmailAddress(email.Value),
+			Verified: h.config.EmailVerified,
+		}, nil
+	}
+
 	return command.Email{}, zerrors.ThrowInvalidArgument(nil, "SCIM-EM19", "Errors.User.Email.Empty")
 }

@@ -169,6 +178,15 @@ func (h *UsersHandler) mapPrimaryPhone(scimUser *ScimUser) *command.Phone {
 		}
 	}

+	// if no primary phone was found, the first phone will be used
+	for _, phone := range scimUser.PhoneNumbers {
+		phone.Primary = true
+		return &command.Phone{
+			Number:   domain.PhoneNumber(phone.Value),
+			Verified: h.config.PhoneVerified,
+		}
+	}
+
 	return nil
 }