feat: Identity brokering (#730)

* feat: add/ remove external idps

* feat: external idp add /remove

* fix: auth proto

* fix: handle login

* feat: loginpolicy on authrequest

* feat: idp providers on login

* feat: link external idp

* fix: check login policy on check username

* feat: add mapping fields for idp config

* feat: use user org id if existing

* feat: use user org id if existing

* feat: register external user

* feat: register external user

* feat: user linking

* feat: user linking

* feat: design external login

* feat: design external login

* fix: tests

* fix: regenerate login design

* feat: next step test linking process

* feat: next step test linking process

* feat: cascade remove external idps on user

* fix: tests

* fix: tests

* feat: external idp requests on users

* fix: generate protos

* feat: login styles

* feat: login styles

* fix: link user

* fix: register user on specific org

* fix: user linking

* fix: register external, linking auto

* fix: remove unnecessary request from proto

* fix: tests

* fix: new oidc package

* fix: migration version

* fix: policy permissions

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* Update internal/ui/login/handler/link_users_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* fix: pr requests

* fix: pr requests

* fix: login name size

* fix: profile image light

* fix: colors

* fix: pr requests

* fix: remove redirect uri validator

* fix: remove redirect uri validator

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Fabi
2020-09-18 13:26:28 +02:00
committed by GitHub
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions


@@ -3512,6 +3512,10 @@ func (m *OidcIdpConfigCreate) Validate() error {
}
}
// no validation rules for IdpDisplayNameMapping
// no validation rules for UsernameMapping
return nil
}
@@ -3602,6 +3606,10 @@ func (m *OidcIdpConfigUpdate) Validate() error {
}
}
// no validation rules for IdpDisplayNameMapping
// no validation rules for UsernameMapping
return nil
}
@@ -3883,6 +3891,10 @@ func (m *OidcIdpConfigView) Validate() error {
// no validation rules for Issuer
// no validation rules for IdpDisplayNameMapping
// no validation rules for UsernameMapping
return nil
}


@@ -1612,6 +1612,15 @@
}
}
},
"v1OIDCMappingField": {
"type": "string",
"enum": [
"OIDCMAPPINGFIELD_UNSPECIFIED",
"OIDCMAPPINGFIELD_PREFERRED_USERNAME",
"OIDCMAPPINGFIELD_EMAIL"
],
"default": "OIDCMAPPINGFIELD_UNSPECIFIED"
},
"v1OidcIdpConfig": {
"type": "object",
"properties": {
@@ -1656,6 +1665,12 @@
"items": {
"type": "string"
}
},
"idp_display_name_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
},
"username_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
}
}
},
@@ -1679,6 +1694,12 @@
"items": {
"type": "string"
}
},
"idp_display_name_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
},
"username_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
}
}
},
@@ -1696,6 +1717,12 @@
"items": {
"type": "string"
}
},
"idp_display_name_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
},
"username_mapping": {
"$ref": "#/definitions/v1OIDCMappingField"
}
}
},


@@ -732,6 +732,12 @@ enum IdpState {
IDPCONFIGSTATE_INACTIVE = 2;
}
enum OIDCMappingField {
OIDCMAPPINGFIELD_UNSPECIFIED = 0;
OIDCMAPPINGFIELD_PREFERRED_USERNAME = 1;
OIDCMAPPINGFIELD_EMAIL = 2;
}
message OidcIdpConfigCreate {
string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
bytes logo_src = 2;
@@ -739,6 +745,8 @@ message OidcIdpConfigCreate {
string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 6;
OIDCMappingField idp_display_name_mapping = 7;
OIDCMappingField username_mapping = 8;
}
message OidcIdpConfigUpdate {
@@ -747,6 +755,8 @@ message OidcIdpConfigUpdate {
string client_secret = 3;
string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
repeated string scopes = 5;
OIDCMappingField idp_display_name_mapping = 6;
OIDCMappingField username_mapping = 7;
}
message IdpSearchResponse {
@@ -775,6 +785,8 @@ message OidcIdpConfigView {
string client_id = 1;
string issuer = 2;
repeated string scopes = 3;
OIDCMappingField idp_display_name_mapping = 4;
OIDCMappingField username_mapping = 5;
}
message IdpSearchRequest {
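Review bot: The new `idp_display_name_mapping` and `username_mapping` fields in `OidcIdpConfigCreate` and `OidcIdpConfigUpdate` carry no validate rule, unlike the neighbouring `name` and `issuer` fields, so an enum number outside 0–2 passes `Validate()` (the generated validator on this page reports "no validation rules" for both). I would constrain them, e.g. `OIDCMappingField username_mapping = 8 [(validate.rules).enum = {defined_only: true}];`, with the same option on the display-name field and in the Update message. The enum also needs a comment stating which claim `OIDCMAPPINGFIELD_UNSPECIFIED` falls back to, since that default decides how a brokered login gets its username. Where `OIDCMAPPINGFIELD_EMAIL` feeds `username_mapping`, the consuming code (not visible here) should presumably require a verified email claim from the IdP before the value is used for registration or linking, and that expectation belongs in the field comment. The message bodies start or end outside these hunks.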