feat: Identity brokering (#730)

* feat: add/ remove external idps

* feat: external idp add /remove

* fix: auth proto

* fix: handle login

* feat: loginpolicy on authrequest

* feat: idp providers on login

* feat: link external idp

* fix: check login policy on check username

* feat: add mapping fields for idp config

* feat: use user org id if existing

* feat: use user org id if existing

* feat: register external user

* feat: register external user

* feat: user linking

* feat: user linking

* feat: design external login

* feat: design external login

* fix: tests

* fix: regenerate login design

* feat: next step test linking process

* feat: next step test linking process

* feat: cascade remove external idps on user

* fix: tests

* fix: tests

* feat: external idp requsts on users

* fix: generate protos

* feat: login styles

* feat: login styles

* fix: link user

* fix: register user on specifig org

* fix: user linking

* fix: register external, linking auto

* fix: remove unnecessary request from proto

* fix: tests

* fix: new oidc package

* fix: migration version

* fix: policy permissions

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* Update internal/ui/login/handler/link_users_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* fix: pr requests

* fix: pr requests

* fix: login name size

* fix: profile image light

* fix: colors

* fix: pr requests

* fix: remove redirect uri validator

* fix: remove redirect uri validator

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

pkg/grpc/management/proto/management.proto

@@ -369,6 +369,27 @@ rpc GetUserByID(UserID) returns (UserView) {
     };
   }
 
+  rpc SearchUserExternalIDPs(ExternalIDPSearchRequest) returns (ExternalIDPSearchResponse) {
+    option (google.api.http) = {
+      post: "/users/{user_id}/externalidps/_search"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "user.read"
+    };
+  }
+
+  rpc RemoveExternalIDP(ExternalIDPRemoveRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/users/{user_id}/externalidps/{idp_config_id}/{external_user_id}"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "user.write"
+    };
+  }
+
   rpc GetUserMfas(UserID) returns (MultiFactors) {
     option (google.api.http) = {
       get: "/users/{id}/mfas"
@@ -2898,6 +2919,8 @@ message OidcIdpConfig {
     string client_secret = 2;
     string issuer = 3;
     repeated string scopes = 4;
+    OIDCMappingField idp_display_name_mapping = 5;
+    OIDCMappingField username_mapping = 6;
 }
 
 enum IdpState {
@@ -2906,6 +2929,12 @@ enum IdpState {
     IDPCONFIGSTATE_INACTIVE = 2;
 }
 
+enum OIDCMappingField {
+  OIDCMAPPINGFIELD_UNSPECIFIED = 0;
+  OIDCMAPPINGFIELD_PREFERRED_USERNAME = 1;
+  OIDCMAPPINGFIELD_EMAIL = 2;
+}
+
 message OidcIdpConfigCreate {
     string name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
     bytes logo_src = 2;
@@ -2913,6 +2942,8 @@ message OidcIdpConfigCreate {
     string client_secret = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
     string issuer = 5 [(validate.rules).string = {min_len: 1, max_len: 200}];
     repeated string scopes = 6;
+    OIDCMappingField idp_display_name_mapping = 7;
+    OIDCMappingField username_mapping = 8;
 }
 
 message OidcIdpConfigUpdate {
@@ -2921,6 +2952,8 @@ message OidcIdpConfigUpdate {
     string client_secret = 3;
     string issuer = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
     repeated string scopes = 5;
+    OIDCMappingField idp_display_name_mapping = 6;
+    OIDCMappingField username_mapping = 7;
 }
 
 message IdpSearchResponse {
@@ -2950,6 +2983,8 @@ message OidcIdpConfigView {
     string client_id = 1;
     string issuer = 2;
     repeated string scopes = 3;
+    OIDCMappingField idp_display_name_mapping = 4;
+    OIDCMappingField username_mapping = 5;
 }
 
 message IdpSearchRequest {
@@ -3041,4 +3076,35 @@ enum ProjectType {
   PROJECTTYPE_UNSPECIFIED = 0;
   PROJECTTYPE_OWNED = 1;
   PROJECTTYPE_GRANTED = 2;
+}
+
+message ExternalIDPSearchRequest {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  string user_id = 3;
+}
+
+message ExternalIDPSearchResponse {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  uint64 total_result = 3;
+  repeated ExternalIDPView result = 4;
+  uint64 processed_sequence = 5;
+  google.protobuf.Timestamp view_timestamp = 6;
+}
+
+message ExternalIDPView {
+  string user_id = 1;
+  string idp_config_id = 2;
+  string external_user_id = 3;
+  string idp_name = 4;
+  string external_user_display_name = 5;
+  google.protobuf.Timestamp creation_date = 6;
+  google.protobuf.Timestamp change_date = 7;
+}
+
+message ExternalIDPRemoveRequest {
+  string user_id = 1;
+  string idp_config_id = 2;
+  string external_user_id = 3;
 }