mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 00:17:32 +00:00
feat(api): allow specifying access_token type (opaque/JWT) for service users (#5150)
Add functionality to configure the access token type on the service accounts to provide the oidc library with the necessary information to create the right type of access token.
This commit is contained in:
Stefan Benz
@@ -109,6 +109,7 @@ func TestAddMember(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
}, nil
|
||||
}).
|
||||
@@ -148,6 +149,7 @@ func TestAddMember(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
}, nil
|
||||
}).
|
||||
|
||||
@@ -1250,6 +1250,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
@@ -20,9 +20,10 @@ type AddMachine struct {
|
||||
type Machine struct {
|
||||
models.ObjectRoot
|
||||
|
||||
Username string
|
||||
Name string
|
||||
Description string
|
||||
Username string
|
||||
Name string
|
||||
Description string
|
||||
AccessTokenType domain.OIDCTokenType
|
||||
}
|
||||
|
||||
func (m *Machine) IsZero() bool {
|
||||
@@ -56,7 +57,7 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
|
||||
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound")
|
||||
}
|
||||
return []eventstore.Command{
|
||||
user.NewMachineAddedEvent(ctx, &a.Aggregate, machine.Username, machine.Name, machine.Description, domainPolicy.UserLoginMustBeDomain),
|
||||
user.NewMachineAddedEvent(ctx, &a.Aggregate, machine.Username, machine.Name, machine.Description, domainPolicy.UserLoginMustBeDomain, machine.AccessTokenType),
|
||||
}, nil
|
||||
}, nil
|
||||
}
|
||||
@@ -124,7 +125,7 @@ func changeMachineCommand(a *user.Aggregate, machine *Machine) preparation.Valid
|
||||
if !isUserStateExists(writeModel.UserState) {
|
||||
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5M0od", "Errors.User.NotFound")
|
||||
}
|
||||
changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description)
|
||||
changedEvent, hasChanged, err := writeModel.NewChangedEvent(ctx, &a.Aggregate, machine.Name, machine.Description, machine.AccessTokenType)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -135,6 +135,7 @@ func TestCommands_AddMachineKey(t *testing.T) {
|
||||
"Machine",
|
||||
"",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -187,6 +188,7 @@ func TestCommands_AddMachineKey(t *testing.T) {
|
||||
"Machine",
|
||||
"",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
@@ -15,9 +15,10 @@ type MachineWriteModel struct {
|
||||
|
||||
UserName string
|
||||
|
||||
Name string
|
||||
Description string
|
||||
UserState domain.UserState
|
||||
Name string
|
||||
Description string
|
||||
UserState domain.UserState
|
||||
AccessTokenType domain.OIDCTokenType
|
||||
|
||||
ClientSecret *crypto.CryptoValue
|
||||
}
|
||||
@@ -38,6 +39,7 @@ func (wm *MachineWriteModel) Reduce() error {
|
||||
wm.UserName = e.UserName
|
||||
wm.Name = e.Name
|
||||
wm.Description = e.Description
|
||||
wm.AccessTokenType = e.AccessTokenType
|
||||
wm.UserState = domain.UserStateActive
|
||||
case *user.UsernameChangedEvent:
|
||||
wm.UserName = e.UserName
|
||||
@@ -48,6 +50,9 @@ func (wm *MachineWriteModel) Reduce() error {
|
||||
if e.Description != nil {
|
||||
wm.Description = *e.Description
|
||||
}
|
||||
if e.AccessTokenType != nil {
|
||||
wm.AccessTokenType = *e.AccessTokenType
|
||||
}
|
||||
case *user.UserLockedEvent:
|
||||
if wm.UserState != domain.UserStateDeleted {
|
||||
wm.UserState = domain.UserStateLocked
|
||||
@@ -99,6 +104,7 @@ func (wm *MachineWriteModel) NewChangedEvent(
|
||||
aggregate *eventstore.Aggregate,
|
||||
name,
|
||||
description string,
|
||||
accessTokenType domain.OIDCTokenType,
|
||||
) (*user.MachineChangedEvent, bool, error) {
|
||||
changes := make([]user.MachineChanges, 0)
|
||||
var err error
|
||||
@@ -109,6 +115,9 @@ func (wm *MachineWriteModel) NewChangedEvent(
|
||||
if wm.Description != description {
|
||||
changes = append(changes, user.ChangeDescription(description))
|
||||
}
|
||||
if wm.AccessTokenType != accessTokenType {
|
||||
changes = append(changes, user.ChangeAccessTokenType(accessTokenType))
|
||||
}
|
||||
if len(changes) == 0 {
|
||||
return nil, false, nil
|
||||
}
|
||||
|
||||
@@ -104,6 +104,7 @@ func TestCommandSide_GenerateMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -244,6 +245,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -271,6 +273,7 @@ func TestCommandSide_RemoveMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
@@ -409,6 +412,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -436,6 +440,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
@@ -486,6 +491,7 @@ func TestCommandSide_VerifyMachineSecret(t *testing.T) {
|
||||
"username",
|
||||
"user",
|
||||
false,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
eventFromEventPusher(
|
||||
|
||||
@@ -128,6 +128,7 @@ func TestCommandSide_AddMachine(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
},
|
||||
@@ -268,6 +269,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -302,6 +304,7 @@ func TestCommandSide_ChangeMachine(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
@@ -81,6 +81,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
|
||||
"Machine",
|
||||
"",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -175,6 +176,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
|
||||
"Machine",
|
||||
"",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -226,6 +228,7 @@ func TestCommands_AddPersonalAccessToken(t *testing.T) {
|
||||
"Machine",
|
||||
"",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
@@ -1786,6 +1786,7 @@ func TestExistsUser(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
}, nil
|
||||
},
|
||||
@@ -1807,6 +1808,7 @@ func TestExistsUser(t *testing.T) {
|
||||
"name",
|
||||
"description",
|
||||
true,
|
||||
domain.OIDCTokenTypeBearer,
|
||||
),
|
||||
user.NewUserRemovedEvent(
|
||||
context.Background(),
|
||||
|
||||
Reference in New Issue
Block a user