feat: complete dynamic domain handling (#3482)

* feat: dynamic issuer * feat: default language from context * remove zitadel docs from defaults * remove ConsoleOverwriteDir * remove notification endpoints from defaults * custom domains in emails * remove (external) domain * external domain completely removed, console handling fixed * fix test * fix defaults.yaml
2025-08-12 01:37:31 +00:00 · 2022-04-25 11:16:36 +02:00
parent 75ec73ca4a
commit 2c4799c223
97 changed files with 478 additions and 381 deletions
--- a/internal/api/grpc/management/information.go
+++ b/internal/api/grpc/management/information.go
@@ -3,6 +3,10 @@ package management
 import (
 	"context"

+	"github.com/caos/oidc/v2/pkg/oidc"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/api/http"
 	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
 )

@@ -10,9 +14,10 @@ func (s *Server) Healthz(context.Context, *mgmt_pb.HealthzRequest) (*mgmt_pb.Hea
 	return &mgmt_pb.HealthzResponse{}, nil
 }

-func (s *Server) GetOIDCInformation(ctx context.Context, req *mgmt_pb.GetOIDCInformationRequest) (*mgmt_pb.GetOIDCInformationResponse, error) {
+func (s *Server) GetOIDCInformation(ctx context.Context, _ *mgmt_pb.GetOIDCInformationRequest) (*mgmt_pb.GetOIDCInformationResponse, error) {
+	issuer := http.BuildOrigin(authz.GetInstance(ctx).RequestedDomain(), s.externalSecure) + s.issuerPath
 	return &mgmt_pb.GetOIDCInformationResponse{
-		Issuer:            s.systemDefaults.ZitadelDocs.Issuer,
-		DiscoveryEndpoint: s.systemDefaults.ZitadelDocs.DiscoveryEndpoint,
+		Issuer:            issuer,
+		DiscoveryEndpoint: issuer + oidc.DiscoveryEndpoint,
 	}, nil
 }
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -48,7 +48,7 @@ func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChanges
 }

 func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_pb.AddOrgResponse, error) {
-	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Name, s.systemDefaults.Domain), "")
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Name, authz.GetInstance(ctx).RequestedDomain()), "")
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/server.go
+++ b/internal/api/grpc/management/server.go
@@ -26,6 +26,8 @@ type Server struct {
 	assetAPIPrefix  string
 	passwordHashAlg crypto.HashAlgorithm
 	userCodeAlg     crypto.EncryptionAlgorithm
+	externalSecure  bool
+	issuerPath      string
 }

 func CreateServer(
@@ -34,6 +36,8 @@ func CreateServer(
 	sd systemdefaults.SystemDefaults,
 	assetAPIPrefix string,
 	userCodeAlg crypto.EncryptionAlgorithm,
+	externalSecure bool,
+	issuerPath string,
 ) *Server {
 	return &Server{
 		command:         command,
@@ -42,6 +46,8 @@ func CreateServer(
 		assetAPIPrefix:  assetAPIPrefix,
 		passwordHashAlg: crypto.NewBCrypt(sd.SecretGenerators.PasswordSaltCost),
 		userCodeAlg:     userCodeAlg,
+		externalSecure:  externalSecure,
+		issuerPath:      issuerPath,
 	}
 }

--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -16,7 +16,9 @@ import (
 	"github.com/caos/zitadel/internal/api/grpc/metadata"
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/api/http"
 	z_oidc "github.com/caos/zitadel/internal/api/oidc"
+	"github.com/caos/zitadel/internal/api/ui/login"
 	"github.com/caos/zitadel/internal/command"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/query"
@@ -259,8 +261,9 @@ func (s *Server) ImportHumanUser(ctx context.Context, req *mgmt_pb.ImportHumanUs
 		),
 	}
 	if code != nil {
+		origin := http.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), s.externalSecure)
 		resp.PasswordlessRegistration = &mgmt_pb.ImportHumanUserResponse_PasswordlessRegistration{
-			Link:       code.Link(s.systemDefaults.Notifications.Endpoints.PasswordlessRegistration),
+			Link:       code.Link(origin + login.HandlerPrefix + login.EndpointPasswordlessRegistration),
 			Lifetime:   durationpb.New(code.Expiration),
 			Expiration: durationpb.New(code.Expiration),
 		}
@@ -654,9 +657,10 @@ func (s *Server) AddPasswordlessRegistration(ctx context.Context, req *mgmt_pb.A
 	if err != nil {
 		return nil, err
 	}
+	origin := http.BuildOrigin(authz.GetInstance(ctx).RequestedHost(), s.externalSecure)
 	return &mgmt_pb.AddPasswordlessRegistrationResponse{
 		Details:    obj_grpc.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
-		Link:       initCode.Link(s.systemDefaults.Notifications.Endpoints.PasswordlessRegistration),
+		Link:       initCode.Link(origin + login.HandlerPrefix + login.EndpointPasswordlessRegistration),
 		Expiration: durationpb.New(initCode.Expiration),
 	}, nil
 }