feat(6222): remove @ and project from OIDC client ID (#8178)

# Which Problems Are Solved The client ID for OIDC applications has an `@` in it, which is not allowed in some 3rd-party systems (such as AWS). # How the Problems Are Solved Per @fforootd and @hifabienne in #6222, remove the project suffix and the `@` from the client ID and just use the generated ID. # Additional Changes N/A # Additional Context - Closes #6222 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 19:07:30 +00:00 · 2024-07-04 01:31:40 -07:00
parent 02c98f570b
commit 32b707cf46
13 changed files with 220 additions and 51 deletions
--- a/internal/command/project_application_oidc_test.go
+++ b/internal/command/project_application_oidc_test.go
@@ -158,7 +158,7 @@ func TestAddOIDCApp(t *testing.T) {
 					project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate,
 						domain.OIDCVersionV1,
 						"id",
-						"clientID@project",
+						"clientID",
 						"",
 						[]string{"https://test.ch"},
 						[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
@@ -214,6 +214,71 @@ func TestAddOIDCApp(t *testing.T) {
 					}).
 					Filter(),
 			},
+			want: Want{
+				Commands: []eventstore.Command{
+					project.NewApplicationAddedEvent(ctx, &agg.Aggregate,
+						"id",
+						"name",
+					),
+					project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate,
+						domain.OIDCVersionV1,
+						"id",
+						"clientID",
+						"",
+						nil,
+						[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+						[]domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+						domain.OIDCApplicationTypeWeb,
+						domain.OIDCAuthMethodTypeNone,
+						nil,
+						false,
+						domain.OIDCTokenTypeBearer,
+						false,
+						false,
+						false,
+						0,
+						nil,
+						false,
+					),
+				},
+			},
+		},
+		{
+			name: "correct with old ID format",
+			fields: fields{
+				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "clientID@project"),
+			},
+			args: args{
+				app: &addOIDCApp{
+					AddApp: AddApp{
+						Aggregate: *agg,
+						ID:        "id",
+						Name:      "name",
+					},
+					GrantTypes:    []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
+					ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
+					Version:       domain.OIDCVersionV1,
+
+					ApplicationType: domain.OIDCApplicationTypeWeb,
+					AuthMethodType:  domain.OIDCAuthMethodTypeNone,
+					AccessTokenType: domain.OIDCTokenTypeBearer,
+				},
+				filter: NewMultiFilter().
+					Append(func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
+						return []eventstore.Event{
+							project.NewProjectAddedEvent(
+								ctx,
+								&agg.Aggregate,
+								"project",
+								false,
+								false,
+								false,
+								domain.PrivateLabelingSettingUnspecified,
+							),
+						}, nil
+					}).
+					Filter(),
+			},
 			want: Want{
 				Commands: []eventstore.Command{
 					project.NewApplicationAddedEvent(ctx, &agg.Aggregate,
@@ -288,7 +353,7 @@ func TestAddOIDCApp(t *testing.T) {
 					project.NewOIDCConfigAddedEvent(ctx, &agg.Aggregate,
 						domain.OIDCVersionV1,
 						"id",
-						"clientID@project",
+						"clientID",
 						"secret",
 						nil,
 						[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
@@ -434,7 +499,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 							&project.NewAggregate("project1", "org1").Aggregate,
 							domain.OIDCVersionV1,
 							"app1",
-							"client1@project",
+							"client1",
 							"secret",
 							[]string{"https://test.ch"},
 							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
@@ -488,7 +553,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					},
 					AppID:                    "app1",
 					AppName:                  "app",
-					ClientID:                 "client1@project",
+					ClientID:                 "client1",
 					ClientSecretString:       "secret",
 					AuthMethodType:           domain.OIDCAuthMethodTypePost,
 					OIDCVersion:              domain.OIDCVersionV1,
@@ -532,7 +597,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 							&project.NewAggregate("project1", "org1").Aggregate,
 							domain.OIDCVersionV1,
 							"app1",
-							"client1@project",
+							"client1",
 							"secret",
 							[]string{"https://test.ch"},
 							[]domain.OIDCResponseType{domain.OIDCResponseTypeCode},
@@ -586,7 +651,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					},
 					AppID:                    "app1",
 					AppName:                  "app",
-					ClientID:                 "client1@project",
+					ClientID:                 "client1",
 					ClientSecretString:       "secret",
 					AuthMethodType:           domain.OIDCAuthMethodTypePost,
 					OIDCVersion:              domain.OIDCVersionV1,