feat: Identity brokering (#730)

* feat: add/ remove external idps * feat: external idp add /remove * fix: auth proto * fix: handle login * feat: loginpolicy on authrequest * feat: idp providers on login * feat: link external idp * fix: check login policy on check username * feat: add mapping fields for idp config * feat: use user org id if existing * feat: use user org id if existing * feat: register external user * feat: register external user * feat: user linking * feat: user linking * feat: design external login * feat: design external login * fix: tests * fix: regenerate login design * feat: next step test linking process * feat: next step test linking process * feat: cascade remove external idps on user * fix: tests * fix: tests * feat: external idp requsts on users * fix: generate protos * feat: login styles * feat: login styles * fix: link user * fix: register user on specifig org * fix: user linking * fix: register external, linking auto * fix: remove unnecessary request from proto * fix: tests * fix: new oidc package * fix: migration version * fix: policy permissions * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * Update internal/ui/login/handler/link_users_handler.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * fix: pr requests * fix: pr requests * fix: login name size * fix: profile image light * fix: colors * fix: pr requests * fix: remove redirect uri validator * fix: remove redirect uri validator Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-11 21:27:42 +00:00 · 2020-09-18 13:26:28 +02:00
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions
--- a/internal/iam/model/idp_config.go
+++ b/internal/iam/model/idp_config.go
@@ -17,12 +17,14 @@ type IDPConfig struct {

 type OIDCIDPConfig struct {
 	es_models.ObjectRoot
-	IDPConfigID        string
-	ClientID           string
-	ClientSecret       *crypto.CryptoValue
-	ClientSecretString string
-	Issuer             string
-	Scopes             []string
+	IDPConfigID           string
+	ClientID              string
+	ClientSecret          *crypto.CryptoValue
+	ClientSecretString    string
+	Issuer                string
+	Scopes                []string
+	IDPDisplayNameMapping OIDCMappingField
+	UsernameMapping       OIDCMappingField
 }

 type IdpConfigType int32
@@ -40,6 +42,14 @@ const (
 	IDPConfigStateRemoved
 )

+type OIDCMappingField int32
+
+const (
+	OIDCMappingFieldUnspecified OIDCMappingField = iota
+	OIDCMappingFieldPreferredLoginName
+	OIDCMappingFieldEmail
+)
+
 func NewIDPConfig(iamID, idpID string) *IDPConfig {
 	return &IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, IDPConfigID: idpID}
 }
--- a/internal/iam/model/idp_config_view.go
+++ b/internal/iam/model/idp_config_view.go
@@ -17,11 +17,13 @@ type IDPConfigView struct {
 	Sequence        uint64
 	IDPProviderType IDPProviderType

-	IsOIDC           bool
-	OIDCClientID     string
-	OIDCClientSecret *crypto.CryptoValue
-	OIDCIssuer       string
-	OIDCScopes       []string
+	IsOIDC                    bool
+	OIDCClientID              string
+	OIDCClientSecret          *crypto.CryptoValue
+	OIDCIssuer                string
+	OIDCScopes                []string
+	OIDCIDPDisplayNameMapping OIDCMappingField
+	OIDCUsernameMapping       OIDCMappingField
 }

 type IDPConfigSearchRequest struct {