feat: Identity brokering (#730)

* feat: add/ remove external idps * feat: external idp add /remove * fix: auth proto * fix: handle login * feat: loginpolicy on authrequest * feat: idp providers on login * feat: link external idp * fix: check login policy on check username * feat: add mapping fields for idp config * feat: use user org id if existing * feat: use user org id if existing * feat: register external user * feat: register external user * feat: user linking * feat: user linking * feat: design external login * feat: design external login * fix: tests * fix: regenerate login design * feat: next step test linking process * feat: next step test linking process * feat: cascade remove external idps on user * fix: tests * fix: tests * feat: external idp requsts on users * fix: generate protos * feat: login styles * feat: login styles * fix: link user * fix: register user on specifig org * fix: user linking * fix: register external, linking auto * fix: remove unnecessary request from proto * fix: tests * fix: new oidc package * fix: migration version * fix: policy permissions * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/static/i18n/en.yaml Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/ui/login/handler/renderer.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * Update internal/ui/login/handler/link_users_handler.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: pr requests * fix: pr requests * fix: pr requests * fix: login name size * fix: profile image light * fix: colors * fix: pr requests * fix: remove redirect uri validator * fix: remove redirect uri validator Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-11 19:17:32 +00:00 · 2020-09-18 13:26:28 +02:00
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions
--- a/internal/user/model/external_idp.go
+++ b/internal/user/model/external_idp.go
@@ -0,0 +1,17 @@
+package model
+
+import (
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
+)
+
+type ExternalIDP struct {
+	es_models.ObjectRoot
+
+	IDPConfigID string
+	UserID      string
+	DisplayName string
+}
+
+func (idp *ExternalIDP) IsValid() bool {
+	return idp.AggregateID != "" && idp.IDPConfigID != "" && idp.UserID != ""
+}
--- a/internal/user/model/external_idp_view.go
+++ b/internal/user/model/external_idp_view.go
@@ -0,0 +1,61 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type ExternalIDPView struct {
+	UserID          string
+	IDPConfigID     string
+	ExternalUserID  string
+	IDPName         string
+	UserDisplayName string
+	CreationDate    time.Time
+	ChangeDate      time.Time
+	ResourceOwner   string
+	Sequence        uint64
+}
+
+type ExternalIDPSearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn ExternalIDPSearchKey
+	Asc           bool
+	Queries       []*ExternalIDPSearchQuery
+}
+
+type ExternalIDPSearchKey int32
+
+const (
+	ExternalIDPSearchKeyUnspecified ExternalIDPSearchKey = iota
+	ExternalIDPSearchKeyExternalUserID
+	ExternalIDPSearchKeyUserID
+	ExternalIDPSearchKeyIdpConfigID
+	ExternalIDPSearchKeyResourceOwner
+)
+
+type ExternalIDPSearchQuery struct {
+	Key    ExternalIDPSearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type ExternalIDPSearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*ExternalIDPView
+	Sequence    uint64
+	Timestamp   time.Time
+}
+
+func (r *ExternalIDPSearchRequest) EnsureLimit(limit uint64) {
+	if r.Limit == 0 || r.Limit > limit {
+		r.Limit = limit
+	}
+}
+
+func (r *ExternalIDPSearchRequest) AppendUserQuery(userID string) {
+	r.Queries = append(r.Queries, &ExternalIDPSearchQuery{Key: ExternalIDPSearchKeyUserID, Method: model.SearchMethodEquals, Value: userID})
+}
--- a/internal/user/model/user_human.go
+++ b/internal/user/model/user_human.go
@@ -15,6 +15,7 @@ type Human struct {
 	*Email
 	*Phone
 	*Address
+	ExternalIDPs []*ExternalIDP
 	InitCode     *InitUserCode
 	EmailCode    *EmailCode
 	PhoneCode    *PhoneCode
@@ -45,11 +46,11 @@ func (u *Human) SetNamesAsDisplayname() {
 }

 func (u *Human) IsValid() bool {
-	return u.Profile != nil && u.FirstName != "" && u.LastName != "" && u.Email != nil && u.Email.IsValid() && u.Phone == nil || (u.Phone != nil && u.Phone.IsValid())
+	return u.Profile != nil && u.FirstName != "" && u.LastName != "" && u.Email != nil && u.Email.IsValid() && u.Phone == nil || (u.Phone != nil && u.Phone.PhoneNumber != "" && u.Phone.IsValid())
 }

 func (u *Human) IsInitialState() bool {
-	return u.Email == nil || !u.IsEmailVerified || u.Password == nil || u.SecretString == ""
+	return u.Email == nil || !u.IsEmailVerified || (u.ExternalIDPs == nil || len(u.ExternalIDPs) == 0) && (u.Password == nil || u.SecretString == "")
 }

 func (u *Human) IsOTPReady() bool {
@@ -96,3 +97,12 @@ func (init *InitUserCode) GenerateInitUserCode(generator crypto.Generator) error
 	init.Expiry = generator.Expiry()
 	return nil
 }
+
+func (u *Human) GetExternalIDP(externalIDP *ExternalIDP) (int, *ExternalIDP) {
+	for i, idp := range u.ExternalIDPs {
+		if idp.UserID == externalIDP.UserID {
+			return i, idp
+		}
+	}
+	return -1, nil
+}