fix: use of generic oauth provider (#5345)

Adds a id_attribute to the GenericOAuthProvider, which is used to map the external User. Further mapping can be done in actions by using the `rawInfo` of the new `ctx.v1.providerInfo` field.

internal/query/projection/idp_login_policy_link.go

@@ -81,6 +81,10 @@ func (p *idpLoginPolicyLinkProjection) reducers() []handler.AggregateReducer {
 					Event:  org.IDPConfigRemovedEventType,
 					Reduce: p.reduceIDPConfigRemoved,
 				},
+				{
+					Event:  org.IDPRemovedEventType,
+					Reduce: p.reduceIDPRemoved,
+				},
 				{
 					Event:  org.OrgRemovedEventType,
 					Reduce: p.reduceOwnerRemoved,
@@ -106,6 +110,10 @@ func (p *idpLoginPolicyLinkProjection) reducers() []handler.AggregateReducer {
 					Event:  instance.IDPConfigRemovedEventType,
 					Reduce: p.reduceIDPConfigRemoved,
 				},
+				{
+					Event:  instance.IDPRemovedEventType,
+					Reduce: p.reduceIDPRemoved,
+				},
 				{
 					Event:  instance.InstanceRemovedEventType,
 					Reduce: reduceInstanceRemovedHelper(IDPUserLinkInstanceIDCol),
@@ -209,6 +217,27 @@ func (p *idpLoginPolicyLinkProjection) reduceIDPConfigRemoved(event eventstore.E
 	), nil
 }
 
+func (p *idpLoginPolicyLinkProjection) reduceIDPRemoved(event eventstore.Event) (*handler.Statement, error) {
+	var idpID string
+
+	switch e := event.(type) {
+	case *org.IDPRemovedEvent:
+		idpID = e.ID
+	case *instance.IDPRemovedEvent:
+		idpID = e.ID
+	default:
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SFED3", "reduce.wrong.event.type %v", []eventstore.EventType{org.IDPRemovedEventType, instance.IDPRemovedEventType})
+	}
+
+	return crdb.NewDeleteStatement(event,
+		[]handler.Condition{
+			handler.NewCond(IDPLoginPolicyLinkIDPIDCol, idpID),
+			handler.NewCond(IDPLoginPolicyLinkResourceOwnerCol, event.Aggregate().ResourceOwner),
+			handler.NewCond(IDPLoginPolicyLinkInstanceIDCol, event.Aggregate().InstanceID),
+		},
+	), nil
+}
+
 func (p *idpLoginPolicyLinkProjection) reducePolicyRemoved(event eventstore.Event) (*handler.Statement, error) {
 	e, ok := event.(*org.LoginPolicyRemovedEvent)
 	if !ok {

internal/query/projection/idp_login_policy_link_test.go

@@ -331,6 +331,66 @@ func TestIDPLoginPolicyLinkProjection_reduces(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "org IDPRemovedEvent",
+			args: args{
+				event: getEvent(testEvent(
+					repository.EventType(org.IDPRemovedEventType),
+					org.AggregateType,
+					[]byte(`{
+						"id": "id"
+					}`),
+				), org.IDPRemovedEventMapper),
+			},
+			reduce: (&idpLoginPolicyLinkProjection{}).reduceIDPRemoved,
+			want: wantReduce{
+				aggregateType:    org.AggregateType,
+				sequence:         15,
+				previousSequence: 10,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.idp_login_policy_links4 WHERE (idp_id = $1) AND (resource_owner = $2) AND (instance_id = $3)",
+							expectedArgs: []interface{}{
+								"id",
+								"ro-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "iam IDPRemovedEvent",
+			args: args{
+				event: getEvent(testEvent(
+					repository.EventType(instance.IDPRemovedEventType),
+					instance.AggregateType,
+					[]byte(`{
+						"id": "id"
+					}`),
+				), instance.IDPRemovedEventMapper),
+			},
+			reduce: (&idpLoginPolicyLinkProjection{}).reduceIDPRemoved,
+			want: wantReduce{
+				aggregateType:    instance.AggregateType,
+				sequence:         15,
+				previousSequence: 10,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.idp_login_policy_links4 WHERE (idp_id = $1) AND (resource_owner = $2) AND (instance_id = $3)",
+							expectedArgs: []interface{}{
+								"id",
+								"ro-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			name:   "org.reduceOwnerRemoved",
 			reduce: (&idpLoginPolicyLinkProjection{}).reduceOwnerRemoved,

internal/query/projection/idp_template.go

@@ -24,7 +24,7 @@ const (
 	IDPTemplateGoogleTable = IDPTemplateTable + "_" + IDPTemplateGoogleSuffix
 	IDPTemplateLDAPTable   = IDPTemplateTable + "_" + IDPTemplateLDAPSuffix
 
-	IDPTemplateOAuthSuffix  = "oauth"
+	IDPTemplateOAuthSuffix  = "oauth2"
 	IDPTemplateOIDCSuffix   = "oidc"
 	IDPTemplateJWTSuffix    = "jwt"
 	IDPTemplateGoogleSuffix = "google"
@@ -54,6 +54,7 @@ const (
 	OAuthTokenEndpointCol         = "token_endpoint"
 	OAuthUserEndpointCol          = "user_endpoint"
 	OAuthScopesCol                = "scopes"
+	OAuthIDAttributeCol           = "id_attribute"
 
 	OIDCIDCol           = "idp_id"
 	OIDCInstanceIDCol   = "instance_id"
@@ -139,6 +140,7 @@ func newIDPTemplateProjection(ctx context.Context, config crdb.StatementHandlerC
 			crdb.NewColumn(OAuthTokenEndpointCol, crdb.ColumnTypeText),
 			crdb.NewColumn(OAuthUserEndpointCol, crdb.ColumnTypeText),
 			crdb.NewColumn(OAuthScopesCol, crdb.ColumnTypeTextArray, crdb.Nullable()),
+			crdb.NewColumn(OAuthIDAttributeCol, crdb.ColumnTypeText),
 		},
 			crdb.NewPrimaryKey(OAuthInstanceIDCol, OAuthIDCol),
 			IDPTemplateOAuthSuffix,
@@ -417,6 +419,7 @@ func (p *idpTemplateProjection) reduceOAuthIDPAdded(event eventstore.Event) (*ha
 				handler.NewCol(OAuthTokenEndpointCol, idpEvent.TokenEndpoint),
 				handler.NewCol(OAuthUserEndpointCol, idpEvent.UserEndpoint),
 				handler.NewCol(OAuthScopesCol, database.StringArray(idpEvent.Scopes)),
+				handler.NewCol(OAuthIDAttributeCol, idpEvent.IDAttribute),
 			},
 			crdb.WithTableSuffix(IDPTemplateOAuthSuffix),
 		),
@@ -1176,6 +1179,9 @@ func reduceOAuthIDPChangedColumns(idpEvent idp.OAuthIDPChangedEvent) []handler.C
 	if idpEvent.Scopes != nil {
 		oauthCols = append(oauthCols, handler.NewCol(OAuthScopesCol, database.StringArray(idpEvent.Scopes)))
 	}
+	if idpEvent.IDAttribute != nil {
+		oauthCols = append(oauthCols, handler.NewCol(OAuthIDAttributeCol, *idpEvent.IDAttribute))
+	}
 	return oauthCols
 }
 

internal/query/projection/idp_template_test.go

@@ -154,6 +154,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 	"tokenEndpoint": "token",
  	"userEndpoint": "user",
 	"scopes": ["profile"],
+	"idAttribute": "id-attribute",
 	"isCreationAllowed": true,
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
@@ -188,7 +189,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates2_oauth (idp_id, instance_id, client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+							expectedStmt: "INSERT INTO projections.idp_templates2_oauth2 (idp_id, instance_id, client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes, id_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -198,6 +199,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 								"token",
 								"user",
 								database.StringArray{"profile"},
+								"id-attribute",
 							},
 						},
 					},
@@ -223,6 +225,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 	"tokenEndpoint": "token",
  	"userEndpoint": "user",
 	"scopes": ["profile"],
+	"idAttribute": "id-attribute",
 	"isCreationAllowed": true,
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
@@ -257,7 +260,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "INSERT INTO projections.idp_templates2_oauth (idp_id, instance_id, client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes) VALUES ($1, $2, $3, $4, $5, $6, $7, $8)",
+							expectedStmt: "INSERT INTO projections.idp_templates2_oauth2 (idp_id, instance_id, client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes, id_attribute) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
 							expectedArgs: []interface{}{
 								"idp-id",
 								"instance-id",
@@ -267,6 +270,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 								"token",
 								"user",
 								database.StringArray{"profile"},
+								"id-attribute",
 							},
 						},
 					},
@@ -304,7 +308,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.idp_templates2_oauth SET client_id = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
+							expectedStmt: "UPDATE projections.idp_templates2_oauth2 SET client_id = $1 WHERE (idp_id = $2) AND (instance_id = $3)",
 							expectedArgs: []interface{}{
 								"id",
 								"idp-id",
@@ -334,6 +338,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 	"tokenEndpoint": "token",
  	"userEndpoint": "user",
 	"scopes": ["profile"],
+	"idAttribute": "id-attribute",
 	"isCreationAllowed": true,
 	"isLinkingAllowed": true,
 	"isAutoCreation": true,
@@ -363,7 +368,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 							},
 						},
 						{
-							expectedStmt: "UPDATE projections.idp_templates2_oauth SET (client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes) = ($1, $2, $3, $4, $5, $6) WHERE (idp_id = $7) AND (instance_id = $8)",
+							expectedStmt: "UPDATE projections.idp_templates2_oauth2 SET (client_id, client_secret, authorization_endpoint, token_endpoint, user_endpoint, scopes, id_attribute) = ($1, $2, $3, $4, $5, $6, $7) WHERE (idp_id = $8) AND (instance_id = $9)",
 							expectedArgs: []interface{}{
 								"client_id",
 								anyArg{},
@@ -371,6 +376,7 @@ func TestIDPTemplateProjection_reducesOAuth(t *testing.T) {
 								"token",
 								"user",
 								database.StringArray{"profile"},
+								"id-attribute",
 								"idp-id",
 								"instance-id",
 							},