feat: App API v2 (#10077)

# Which Problems Are Solved This PR *partially* addresses #9450 . Specifically, it implements the resource based API for the apps. APIs for app keys ARE not part of this PR. # How the Problems Are Solved - `CreateApplication`, `PatchApplication` (update) and `RegenerateClientSecret` endpoints are now unique for all app types: API, SAML and OIDC apps. - All new endpoints have integration tests - All new endpoints are using permission checks V2 # Additional Changes - The `ListApplications` endpoint allows to do sorting (see protobuf for details) and filtering by app type (see protobuf). - SAML and OIDC update endpoint can now receive requests for partial updates # Additional Context Partially addresses #9450
2025-08-12 00:57:33 +00:00 · 2025-06-27 17:25:44 +02:00
parent 016676e1dc
commit 2691dae2b6
48 changed files with 6845 additions and 603 deletions
--- a/internal/api/grpc/app/v2beta/app.go
+++ b/internal/api/grpc/app/v2beta/app.go
@@ -0,0 +1,208 @@
+package app
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/app/v2beta/convert"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/zerrors"
+	app "github.com/zitadel/zitadel/pkg/grpc/app/v2beta"
+)
+
+func (s *Server) CreateApplication(ctx context.Context, req *app.CreateApplicationRequest) (*app.CreateApplicationResponse, error) {
+	switch t := req.GetCreationRequestType().(type) {
+	case *app.CreateApplicationRequest_ApiRequest:
+		apiApp, err := s.command.AddAPIApplication(ctx, convert.CreateAPIApplicationRequestToDomain(req.GetName(), req.GetProjectId(), req.GetId(), t.ApiRequest), "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        apiApp.AppID,
+			CreationDate: timestamppb.New(apiApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_ApiResponse{
+				ApiResponse: &app.CreateAPIApplicationResponse{
+					ClientId:     apiApp.ClientID,
+					ClientSecret: apiApp.ClientSecretString,
+				},
+			},
+		}, nil
+
+	case *app.CreateApplicationRequest_OidcRequest:
+		oidcAppRequest, err := convert.CreateOIDCAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetOidcRequest())
+		if err != nil {
+			return nil, err
+		}
+
+		oidcApp, err := s.command.AddOIDCApplication(ctx, oidcAppRequest, "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        oidcApp.AppID,
+			CreationDate: timestamppb.New(oidcApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_OidcResponse{
+				OidcResponse: &app.CreateOIDCApplicationResponse{
+					ClientId:           oidcApp.ClientID,
+					ClientSecret:       oidcApp.ClientSecretString,
+					NoneCompliant:      oidcApp.Compliance.NoneCompliant,
+					ComplianceProblems: convert.ComplianceProblemsToLocalizedMessages(oidcApp.Compliance.Problems),
+				},
+			},
+		}, nil
+
+	case *app.CreateApplicationRequest_SamlRequest:
+		samlAppRequest, err := convert.CreateSAMLAppRequestToDomain(req.GetName(), req.GetProjectId(), req.GetSamlRequest())
+		if err != nil {
+			return nil, err
+		}
+
+		samlApp, err := s.command.AddSAMLApplication(ctx, samlAppRequest, "")
+		if err != nil {
+			return nil, err
+		}
+
+		return &app.CreateApplicationResponse{
+			AppId:        samlApp.AppID,
+			CreationDate: timestamppb.New(samlApp.ChangeDate),
+			CreationResponseType: &app.CreateApplicationResponse_SamlResponse{
+				SamlResponse: &app.CreateSAMLApplicationResponse{},
+			},
+		}, nil
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "APP-0iiN46", "unknown app type")
+	}
+}
+
+func (s *Server) UpdateApplication(ctx context.Context, req *app.UpdateApplicationRequest) (*app.UpdateApplicationResponse, error) {
+	var changedTime time.Time
+
+	if name := strings.TrimSpace(req.GetName()); name != "" {
+		updatedDetails, err := s.command.UpdateApplicationName(
+			ctx,
+			req.GetProjectId(),
+			&domain.ChangeApp{
+				AppID:   req.GetId(),
+				AppName: name,
+			},
+			"",
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedDetails.EventDate
+	}
+
+	switch t := req.GetUpdateRequestType().(type) {
+	case *app.UpdateApplicationRequest_ApiConfigurationRequest:
+		updatedAPIApp, err := s.command.UpdateAPIApplication(ctx, convert.UpdateAPIApplicationConfigurationRequestToDomain(req.GetId(), req.GetProjectId(), t.ApiConfigurationRequest), "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedAPIApp.ChangeDate
+
+	case *app.UpdateApplicationRequest_OidcConfigurationRequest:
+		oidcApp, err := convert.UpdateOIDCAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.OidcConfigurationRequest)
+		if err != nil {
+			return nil, err
+		}
+
+		updatedOIDCApp, err := s.command.UpdateOIDCApplication(ctx, oidcApp, "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedOIDCApp.ChangeDate
+
+	case *app.UpdateApplicationRequest_SamlConfigurationRequest:
+		samlApp, err := convert.UpdateSAMLAppConfigRequestToDomain(req.GetId(), req.GetProjectId(), t.SamlConfigurationRequest)
+		if err != nil {
+			return nil, err
+		}
+
+		updatedSAMLApp, err := s.command.UpdateSAMLApplication(ctx, samlApp, "")
+		if err != nil {
+			return nil, err
+		}
+
+		changedTime = updatedSAMLApp.ChangeDate
+	}
+
+	return &app.UpdateApplicationResponse{
+		ChangeDate: timestamppb.New(changedTime),
+	}, nil
+}
+
+func (s *Server) DeleteApplication(ctx context.Context, req *app.DeleteApplicationRequest) (*app.DeleteApplicationResponse, error) {
+	details, err := s.command.RemoveApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.DeleteApplicationResponse{
+		DeletionDate: timestamppb.New(details.EventDate),
+	}, nil
+}
+
+func (s *Server) DeactivateApplication(ctx context.Context, req *app.DeactivateApplicationRequest) (*app.DeactivateApplicationResponse, error) {
+	details, err := s.command.DeactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.DeactivateApplicationResponse{
+		DeactivationDate: timestamppb.New(details.EventDate),
+	}, nil
+
+}
+
+func (s *Server) ReactivateApplication(ctx context.Context, req *app.ReactivateApplicationRequest) (*app.ReactivateApplicationResponse, error) {
+	details, err := s.command.ReactivateApplication(ctx, req.GetProjectId(), req.GetId(), "")
+	if err != nil {
+		return nil, err
+	}
+
+	return &app.ReactivateApplicationResponse{
+		ReactivationDate: timestamppb.New(details.EventDate),
+	}, nil
+
+}
+
+func (s *Server) RegenerateClientSecret(ctx context.Context, req *app.RegenerateClientSecretRequest) (*app.RegenerateClientSecretResponse, error) {
+	var secret string
+	var changeDate time.Time
+
+	switch req.GetAppType().(type) {
+	case *app.RegenerateClientSecretRequest_IsApi:
+		config, err := s.command.ChangeAPIApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		if err != nil {
+			return nil, err
+		}
+		secret = config.ClientSecretString
+		changeDate = config.ChangeDate
+
+	case *app.RegenerateClientSecretRequest_IsOidc:
+		config, err := s.command.ChangeOIDCApplicationSecret(ctx, req.GetProjectId(), req.GetApplicationId(), "")
+		if err != nil {
+			return nil, err
+		}
+
+		secret = config.ClientSecretString
+		changeDate = config.ChangeDate
+
+	default:
+		return nil, zerrors.ThrowInvalidArgument(nil, "APP-aLWIzw", "unknown app type")
+	}
+
+	return &app.RegenerateClientSecretResponse{
+		ClientSecret: secret,
+		CreationDate: timestamppb.New(changeDate),
+	}, nil
+}