feat(6222): remove @ and project from OIDC client ID (#8178)

# Which Problems Are Solved The client ID for OIDC applications has an `@` in it, which is not allowed in some 3rd-party systems (such as AWS). # How the Problems Are Solved Per @fforootd and @hifabienne in #6222, remove the project suffix and the `@` from the client ID and just use the generated ID. # Additional Changes N/A # Additional Context - Closes #6222 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 18:33:28 +00:00 · 2024-07-04 01:31:40 -07:00
parent 02c98f570b
commit 32b707cf46
13 changed files with 220 additions and 51 deletions
--- a/internal/domain/application_oauth.go
+++ b/internal/domain/application_oauth.go
@@ -1,9 +1,6 @@
 package domain

 import (
-	"fmt"
-	"strings"
-
 	"github.com/zitadel/zitadel/internal/id"
 )

@@ -13,9 +10,9 @@ type oAuthApplication interface {
 	requiresClientSecret() bool
 }

-// ClientID random_number@projectname (eg. 495894098234@zitadel)
-func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Project) error {
-	clientID, err := NewClientID(idGenerator, project.Name)
+// ClientID random_number (eg. 495894098234)
+func SetNewClientID(a oAuthApplication, idGenerator id.Generator) error {
+	clientID, err := idGenerator.Next()
 	if err != nil {
 		return err
 	}
@@ -24,15 +21,6 @@ func SetNewClientID(a oAuthApplication, idGenerator id.Generator, project *Proje
 	return nil
 }

-func NewClientID(idGenerator id.Generator, projectName string) (string, error) {
-	rndID, err := idGenerator.Next()
-	if err != nil {
-		return "", err
-	}
-
-	return fmt.Sprintf("%s@%s", rndID, strings.ReplaceAll(strings.ToLower(projectName), " ", "_")), nil
-}
-
 func SetNewClientSecretIfNeeded(a oAuthApplication, generate func() (encodedHash, plain string, err error)) (string, error) {
 	if !a.requiresClientSecret() {
 		return "", nil