feat(6222): remove @ and project from OIDC client ID (#8178)

# Which Problems Are Solved The client ID for OIDC applications has an `@` in it, which is not allowed in some 3rd-party systems (such as AWS). # How the Problems Are Solved Per @fforootd and @hifabienne in #6222, remove the project suffix and the `@` from the client ID and just use the generated ID. # Additional Changes N/A # Additional Context - Closes #6222 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 18:57:32 +00:00 · 2024-07-04 01:31:40 -07:00
parent 02c98f570b
commit 32b707cf46
13 changed files with 220 additions and 51 deletions
--- a/internal/command/project_application_api_test.go
+++ b/internal/command/project_application_api_test.go
@@ -117,7 +117,7 @@ func TestAddAPIConfig(t *testing.T) {
 					),
 					project.NewAPIConfigAddedEvent(ctx, &agg.Aggregate,
 						"appID",
-						"clientID@project",
+						"clientID",
 						"",
 						domain.APIAuthMethodTypePrivateKeyJWT,
 					),
@@ -252,7 +252,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 						project.NewAPIConfigAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
 							"app1",
-							"client1@project",
+							"client1",
 							"secret",
 							domain.APIAuthMethodTypeBasic),
 					),
@@ -278,7 +278,61 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 					},
 					AppID:              "app1",
 					AppName:            "app",
-					ClientID:           "client1@project",
+					ClientID:           "client1",
+					ClientSecretString: "secret",
+					AuthMethodType:     domain.APIAuthMethodTypeBasic,
+					State:              domain.AppStateActive,
+				},
+			},
+		},
+		{
+			name: "create api app basic old ID format, ok",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							project.NewProjectAddedEvent(context.Background(),
+								&project.NewAggregate("project1", "org1").Aggregate,
+								"project", true, true, true,
+								domain.PrivateLabelingSettingUnspecified),
+						),
+					),
+					expectPush(
+						project.NewApplicationAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"app",
+						),
+						project.NewAPIConfigAddedEvent(context.Background(),
+							&project.NewAggregate("project1", "org1").Aggregate,
+							"app1",
+							"client1@project1",
+							"secret",
+							domain.APIAuthMethodTypeBasic),
+					),
+				),
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "app1", "client1@project1"),
+			},
+			args: args{
+				ctx: context.Background(),
+				apiApp: &domain.APIApp{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "project1",
+					},
+					AppName:        "app",
+					AuthMethodType: domain.APIAuthMethodTypeBasic,
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				want: &domain.APIApp{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "project1",
+						ResourceOwner: "org1",
+					},
+					AppID:              "app1",
+					AppName:            "app",
+					ClientID:           "client1@project1",
 					ClientSecretString: "secret",
 					AuthMethodType:     domain.APIAuthMethodTypeBasic,
 					State:              domain.AppStateActive,
@@ -306,7 +360,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 						project.NewAPIConfigAddedEvent(context.Background(),
 							&project.NewAggregate("project1", "org1").Aggregate,
 							"app1",
-							"client1@project",
+							"client1",
 							"",
 							domain.APIAuthMethodTypePrivateKeyJWT),
 					),
@@ -332,7 +386,7 @@ func TestCommandSide_AddAPIApplication(t *testing.T) {
 					},
 					AppID:          "app1",
 					AppName:        "app",
-					ClientID:       "client1@project",
+					ClientID:       "client1",
 					AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT,
 					State:          domain.AppStateActive,
 				},