feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-08-12 01:27:32 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@@ -0,0 +1,97 @@
+package oidc
+
+import (
+	"context"
+
+	"github.com/caos/oidc/pkg/oidc"
+	"github.com/caos/oidc/pkg/op"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/errors"
+	proj_model "github.com/caos/zitadel/internal/project/model"
+	user_model "github.com/caos/zitadel/internal/user/model"
+)
+
+const (
+	scopeOpenID  = "openid"
+	scopeProfile = "profile"
+	scopeEmail   = "email"
+	scopePhone   = "phone"
+	scopeAddress = "address"
+
+	oidcCtx = "oidc"
+)
+
+func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (op.Client, error) {
+	client, err := o.repo.ApplicationByClientID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+	if client.State != proj_model.AppStateActive {
+		return nil, errors.ThrowPreconditionFailed(nil, "OIDC-sdaGg", "client is not active")
+	}
+	return ClientFromBusiness(client, o.defaultLoginURL, o.defaultAccessTokenLifetime, o.defaultIdTokenLifetime)
+}
+
+func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secret string) error {
+	ctx = authz.SetCtxData(ctx, authz.CtxData{
+		UserID: oidcCtx,
+		OrgID:  oidcCtx,
+	})
+	return o.repo.AuthorizeOIDCApplication(ctx, id, secret)
+}
+
+func (o *OPStorage) GetUserinfoFromToken(ctx context.Context, tokenID string) (*oidc.Userinfo, error) {
+	token, err := o.repo.TokenByID(ctx, tokenID)
+	if err != nil {
+		return nil, err
+	}
+	return o.GetUserinfoFromScopes(ctx, token.UserID, token.Scopes)
+}
+
+func (o *OPStorage) GetUserinfoFromScopes(ctx context.Context, userID string, scopes []string) (*oidc.Userinfo, error) {
+	user, err := o.repo.UserByID(ctx, userID)
+	if err != nil {
+		return nil, err
+	}
+	userInfo := new(oidc.Userinfo)
+	for _, scope := range scopes {
+		switch scope {
+		case scopeOpenID:
+			userInfo.Subject = user.ID
+		case scopeEmail:
+			userInfo.Email = user.Email
+			userInfo.EmailVerified = user.IsEmailVerified
+		case scopeProfile:
+			userInfo.Name = user.DisplayName
+			userInfo.FamilyName = user.LastName
+			userInfo.GivenName = user.FirstName
+			userInfo.Nickname = user.NickName
+			userInfo.PreferredUsername = user.PreferredLoginName
+			userInfo.UpdatedAt = user.ChangeDate
+			userInfo.Gender = oidc.Gender(getGender(user.Gender))
+		case scopePhone:
+			userInfo.PhoneNumber = user.Phone
+			userInfo.PhoneNumberVerified = user.IsPhoneVerified
+		case scopeAddress:
+			userInfo.Address.StreetAddress = user.StreetAddress
+			userInfo.Address.Locality = user.Locality
+			userInfo.Address.Region = user.Region
+			userInfo.Address.PostalCode = user.PostalCode
+			userInfo.Address.Country = user.Country
+		}
+	}
+	return userInfo, nil
+}
+
+func getGender(gender user_model.Gender) string {
+	switch gender {
+	case user_model.GenderFemale:
+		return "female"
+	case user_model.GenderMale:
+		return "male"
+	case user_model.GenderDiverse:
+		return "diverse"
+	}
+	return ""
+}