fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! added first event

2025-08-11 15:17:33 +00:00 · 2025-07-31 13:32:02 +01:00
parent 5ab959a6c1
commit 4f4ae3e6ea
5 changed files with 343 additions and 139 deletions
--- a/backend/v3/domain/id_provider.go
+++ b/backend/v3/domain/id_provider.go
@@ -18,7 +18,7 @@ const (
 	IDPTypeOAuth
 	IDPTypeLDAP
 	IDPTypeAzure
-	IDPTypeGitHub
+	IDPTypeGithub
 	IDPTypeGitHubEnterprise
 	IDPTypeGitLab
 	IDPTypeGitLabSelfHosted
@@ -93,7 +93,6 @@ type IDPOIDC struct {
 }

 type JWT struct {
-	IDPConfigID  string `json:"idpConfigId"`
 	JWTEndpoint  string `json:"jwtEndpoint,omitempty"`
 	Issuer       string `json:"issuer,omitempty"`
 	KeysEndpoint string `json:"keysEndpoint,omitempty"`
@@ -106,8 +105,6 @@ type IDPJWT struct {
 }

 type OAuth struct {
-	ID                    string              `json:"id"`
-	Name                  string              `json:"name,omitempty"`
 	ClientID              string              `json:"clientId,omitempty"`
 	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
 	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
@@ -133,8 +130,6 @@ const (
 )

 type Azure struct {
-	ID              string              `json:"id,omitempty"`
-	Name            string              `json:"name,omitempty"`
 	ClientID        string              `json:"client_id,omitempty"`
 	ClientSecret    *crypto.CryptoValue `json:"client_secret,omitempty"`
 	Scopes          []string            `json:"scopes,omitempty"`
@@ -148,8 +143,6 @@ type IDPOAzureAD struct {
 }

 type Google struct {
-	ID           string              `json:"id"`
-	Name         string              `json:"name,omitempty"`
 	ClientID     string              `json:"clientId"`
 	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
 	Scopes       []string            `json:"scopes,omitempty"`
@@ -160,6 +153,17 @@ type IDPGoogle struct {
 	Google
 }

+type Github struct {
+	ClientID     string              `json:"clientId"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
+	Scopes       []string            `json:"scopes,omitempty"`
+}
+
+type IDPGithub struct {
+	*IdentityProvider
+	Github
+}
+
 // IDPIdentifierCondition is used to help specify a single identity_provider,
 // it will either be used as the  identity_provider ID or identity_provider name,
 // as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name)
@@ -235,4 +239,5 @@ type IDProviderRepository interface {

 	GetOAzureAD(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPOAzureAD, error)
 	GetGoogle(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGoogle, error)
+	GetGithub(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithub, error)
 }
--- a/backend/v3/domain/idptype_enumer.go
+++ b/backend/v3/domain/idptype_enumer.go
@@ -30,7 +30,7 @@ func _IDPTypeNoOp() {
 	_ = x[IDPTypeOAuth-(3)]
 	_ = x[IDPTypeLDAP-(4)]
 	_ = x[IDPTypeAzure-(5)]
-	_ = x[IDPTypeGitHub-(6)]
+	_ = x[IDPTypeGithub-(6)]
 	_ = x[IDPTypeGitHubEnterprise-(7)]
 	_ = x[IDPTypeGitLab-(8)]
 	_ = x[IDPTypeGitLabSelfHosted-(9)]
@@ -39,7 +39,7 @@ func _IDPTypeNoOp() {
 	_ = x[IDPTypeSAML-(12)]
 }

-var _IDPTypeValues = []IDPType{IDPTypeUnspecified, IDPTypeOIDC, IDPTypeJWT, IDPTypeOAuth, IDPTypeLDAP, IDPTypeAzure, IDPTypeGitHub, IDPTypeGitHubEnterprise, IDPTypeGitLab, IDPTypeGitLabSelfHosted, IDPTypeGoogle, IDPTypeApple, IDPTypeSAML}
+var _IDPTypeValues = []IDPType{IDPTypeUnspecified, IDPTypeOIDC, IDPTypeJWT, IDPTypeOAuth, IDPTypeLDAP, IDPTypeAzure, IDPTypeGithub, IDPTypeGitHubEnterprise, IDPTypeGitLab, IDPTypeGitLabSelfHosted, IDPTypeGoogle, IDPTypeApple, IDPTypeSAML}

 var _IDPTypeNameToValueMap = map[string]IDPType{
 	_IDPTypeName[0:11]:       IDPTypeUnspecified,
@@ -54,8 +54,8 @@ var _IDPTypeNameToValueMap = map[string]IDPType{
 	_IDPTypeLowerName[23:27]: IDPTypeLDAP,
 	_IDPTypeName[27:32]:      IDPTypeAzure,
 	_IDPTypeLowerName[27:32]: IDPTypeAzure,
-	_IDPTypeName[32:38]:      IDPTypeGitHub,
-	_IDPTypeLowerName[32:38]: IDPTypeGitHub,
+	_IDPTypeName[32:38]:      IDPTypeGithub,
+	_IDPTypeLowerName[32:38]: IDPTypeGithub,
 	_IDPTypeName[38:54]:      IDPTypeGitHubEnterprise,
 	_IDPTypeLowerName[38:54]: IDPTypeGitHubEnterprise,
 	_IDPTypeName[54:60]:      IDPTypeGitLab,
--- a/backend/v3/storage/database/events_testing/id_provider_test.go
+++ b/backend/v3/storage/database/events_testing/id_provider_test.go
@@ -405,7 +405,6 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type)

 			// jwt
-			assert.Equal(t, addJWT.IdpId, jwt.IDPConfigID)
 			assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint)
 			assert.Equal(t, "issuer", jwt.Issuer)
 			assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint)
@@ -443,7 +442,6 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 		assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type)

 		// jwt
-		assert.Equal(t, addJWT.IdpId, jwt.IDPConfigID)
 		assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint)
 		assert.Equal(t, "issuer", jwt.Issuer)
 		assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint)
@@ -476,7 +474,6 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.WithinRange(t, updateJWT.UpdatedAt, beforeCreate, afterCreate)

 			// jwt
-			assert.Equal(t, addJWT.IdpId, updateJWT.IDPConfigID)
 			assert.Equal(t, "new_jwtEndpoint", updateJWT.JWTEndpoint)
 			assert.Equal(t, "new_issuer", updateJWT.Issuer)
 			assert.Equal(t, "new_keyEndpoint", updateJWT.KeysEndpoint)
@@ -1095,8 +1092,8 @@ func TestServer_TestIDProviderReduces(t *testing.T) {

 			// event instance.idp.azure.added
 			// idp
-			assert.Equal(t, addAzure.Id, azure.IdentityProvider.ID)
-			assert.Equal(t, name, azure.IdentityProvider.Name)
+			assert.Equal(t, addAzure.Id, azure.ID)
+			assert.Equal(t, name, azure.Name)

 			assert.Equal(t, "clientId", azure.ClientID)
 			assert.NotNil(t, azure.ClientSecret)
@@ -1147,6 +1144,7 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.Equal(t, addAzure.Id, azure.IdentityProvider.ID)
 		}, retryDuration, tick)

+		name = "new_" + name
 		// change azure
 		beforeCreate := time.Now().Add(-1 * time.Second)
 		_, err = AdminClient.UpdateAzureADProvider(CTX, &admin.UpdateAzureADProviderRequest{
@@ -1196,4 +1194,122 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.WithinRange(t, updateAzure.UpdatedAt, beforeCreate, afterCreate)
 		}, retryDuration, tick)
 	})
+
+	t.Run("test instance idp github added reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add github
+		beforeCreate := time.Now()
+		addGithub, err := AdminClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{
+			Name:         name,
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		// check values for github
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			github, err := idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.github.added
+			// idp
+			assert.Equal(t, addGithub.Id, github.ID)
+			assert.Equal(t, name, github.Name)
+
+			assert.Equal(t, "clientId", github.ClientID)
+			assert.NotNil(t, github.ClientSecret)
+			assert.Equal(t, domain.IDPTypeGithub.String(), github.Type)
+			assert.Equal(t, []string{"scope"}, github.Scopes)
+			assert.Equal(t, false, github.AllowLinking)
+			assert.Equal(t, false, github.AllowCreation)
+			assert.Equal(t, false, github.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), github.AllowAutoLinking)
+			assert.WithinRange(t, github.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
+
+	t.Run("test instance idp github changed reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add github
+		addGithub, err := AdminClient.AddGitHubProvider(CTX, &admin.AddGitHubProviderRequest{
+			Name:         name,
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		var github *domain.IDPGithub
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			github, err = idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, nil)
+			require.NoError(t, err)
+			assert.Equal(t, addGithub.Id, github.ID)
+		}, retryDuration, tick)
+
+		name = "new_" + name
+		// change github
+		beforeCreate := time.Now()
+		_, err = AdminClient.UpdateGitHubProvider(CTX, &admin.UpdateGitHubProviderRequest{
+			Id:           addGithub.Id,
+			Name:         name,
+			ClientId:     "new_clientId",
+			ClientSecret: "new_clientSecret",
+			Scopes:       []string{"new_scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  true,
+				IsCreationAllowed: true,
+				IsAutoCreation:    true,
+				IsAutoUpdate:      true,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		// check values for azure
+		retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			updateGithub, err := idpRepo.GetGithub(CTX, idpRepo.IDCondition(addGithub.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.github.changed
+			// idp
+			assert.Equal(t, addGithub.Id, updateGithub.ID)
+			assert.Equal(t, name, updateGithub.Name)
+
+			assert.Equal(t, "new_clientId", updateGithub.ClientID)
+			assert.NotEqual(t, github.ClientSecret, updateGithub.ClientSecret)
+			assert.Equal(t, domain.IDPTypeGithub.String(), updateGithub.Type)
+			assert.Equal(t, []string{"new_scope"}, updateGithub.Scopes)
+			assert.Equal(t, true, updateGithub.AllowLinking)
+			assert.Equal(t, true, updateGithub.AllowCreation)
+			assert.Equal(t, true, updateGithub.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithub.AllowAutoLinking)
+			assert.WithinRange(t, updateGithub.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
 }
--- a/backend/v3/storage/database/repository/id_provider.go
+++ b/backend/v3/storage/database/repository/id_provider.go
@@ -229,6 +229,28 @@ func (i *idProvider) GetGoogle(ctx context.Context, id domain.IDPIdentifierCondi
 	return idpGoogle, nil
 }

+func (i *idProvider) GetGithub(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPGithub, error) {
+	idpGithub := &domain.IDPGithub{}
+	var err error
+
+	idpGithub.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	if idpGithub.Type != domain.IDPTypeGithub.String() {
+		// TODO
+		return nil, errors.New("WRONG TYPE")
+	}
+
+	err = json.Unmarshal([]byte(*idpGithub.Payload), idpGithub)
+	if err != nil {
+		return nil, err
+	}
+
+	return idpGithub, nil
+}
+
 // -------------------------------------------------------------
 // columns
 // -------------------------------------------------------------
--- a/internal/query/projection/idp_template_relational.go
+++ b/internal/query/projection/idp_template_relational.go
@@ -3,6 +3,7 @@ package projection
 import (
 	"context"
 	"encoding/json"
+	"fmt"

 	"github.com/zitadel/zitadel/backend/v3/storage/database/dialect/postgres"
 	"github.com/zitadel/zitadel/backend/v3/storage/database/repository"
@@ -115,14 +116,14 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer
 					Event:  instance.AzureADIDPChangedEventType,
 					Reduce: p.reduceAzureADIDPRelationalChanged,
 				},
-				// 		{
-				// 			Event:  instance.GitHubIDPAddedEventType,
-				// 			Reduce: p.reduceGitHubIDPAdded,
-				// 		},
-				// 		{
-				// 			Event:  instance.GitHubIDPChangedEventType,
-				// 			Reduce: p.reduceGitHubIDPChanged,
-				// 		},
+				{
+					Event:  instance.GitHubIDPAddedEventType,
+					Reduce: p.reduceGitHubIDPRelationalAdded,
+				},
+				{
+					Event:  instance.GitHubIDPChangedEventType,
+					Reduce: p.reduceGitHubIDPRelationalChanged,
+				},
 				// 		{
 				// 			Event:  instance.GitHubEnterpriseIDPAddedEventType,
 				// 			Reduce: p.reduceGitHubEnterpriseIDPAdded,
@@ -360,8 +361,6 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalAdded(event ev
 	}

 	oauth := domain.OAuth{
-		ID:                    e.ID,
-		Name:                  e.Name,
 		ClientID:              e.ClientID,
 		ClientSecret:          e.ClientSecret,
 		AuthorizationEndpoint: e.AuthorizationEndpoint,
@@ -425,7 +424,7 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalChanged(event
 	payload := &oauth.OAuth
 	payloadChanged := reduceOAuthIDPRelationalChangedColumns(payload, &e.OAuthIDPChangedEvent)
 	if payloadChanged {
-		payload, err := json.Marshal(e)
+		payload, err := json.Marshal(payload)
 		if err != nil {
 			return nil, err
 		}
@@ -530,7 +529,7 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalChanged(event e
 	payload := &oidc.OIDC
 	payloadChanged := reduceOIDCIDPRelationalChangedColumns(payload, &e.OIDCIDPChangedEvent)
 	if payloadChanged {
-		payload, err := json.Marshal(e)
+		payload, err := json.Marshal(payload)
 		if err != nil {
 			return nil, err
 		}
@@ -730,7 +729,7 @@ func (p *idpTemplateRelationalProjection) reduceJWTIDPRelationalChanged(event ev
 	payload := &jwt.JWT
 	payloadChanged := reduceJWTIDPRelationalChangedColumns(payload, &e.JWTIDPChangedEvent)
 	if payloadChanged {
-		payload, err := json.Marshal(e)
+		payload, err := json.Marshal(payload)
 		if err != nil {
 			return nil, err
 		}
@@ -1088,7 +1087,7 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalChanged(even
 	payload := &oauth.Azure
 	payloadChanged := reduceAzureADIDPRelationalChangedColumns(payload, &e.AzureADIDPChangedEvent)
 	if payloadChanged {
-		payload, err := json.Marshal(e)
+		payload, err := json.Marshal(payload)
 		if err != nil {
 			return nil, err
 		}
@@ -1105,84 +1104,92 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalChanged(even
 			},
 		),
 	), nil
+}

-	// ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
-	// ops = append(ops,
-	// 	handler.AddUpdateStatement(
-	// 		reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges),
-	// 		[]handler.Condition{
-	// 			handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
-	// 			handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-	// 		},
-	// 	),
-	// )
-	// if len(githubCols) > 0 {
-	// 	ops = append(ops,
-	// 		handler.AddUpdateStatement(
-	// 			githubCols,
-	// 			[]handler.Condition{
-	// 				handler.NewCond(AzureADIDCol, idpEvent.ID),
-	// 				handler.NewCond(AzureADInstanceIDCol, idpEvent.Aggregate().InstanceID),
-	// 			},
-	// 			handler.WithTableSuffix(IDPTemplateAzureADSuffix),
-	// 		),
-	// 	)
+func (p *idpTemplateRelationalProjection) reduceGitHubIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) {
+	// var idpEvent idp.GitHubIDPAddedEvent
+	// var idpOwnerType domain.IdentityProviderType
+	// switch e := event.(type) {
+	// case *org.GitHubIDPAddedEvent:
+	// 	idpEvent = e.GitHubIDPAddedEvent
+	// 	idpOwnerType = domain.IdentityProviderTypeOrg
+	// case *instance.GitHubIDPAddedEvent:
+	// 	idpEvent = e.GitHubIDPAddedEvent
+	// 	idpOwnerType = domain.IdentityProviderTypeSystem
+	// default:
+	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPAddedEventType, instance.GitHubIDPAddedEventType})
 	// }

+	e, ok := event.(*instance.GitHubIDPAddedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPAddedEventType, instance.GitHubIDPAddedEventType})
+	}
+
+	github := domain.Github{
+		ClientID:     e.ClientID,
+		ClientSecret: e.ClientSecret,
+		Scopes:       e.Scopes,
+	}
+
+	payload, err := json.Marshal(github)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddCreateStatement(
+			[]handler.Column{
+				handler.NewCol(IDPTemplateIDCol, e.ID),
+				handler.NewCol(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+				handler.NewCol(IDPTemplateNameCol, e.Name),
+				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGithub.String()),
+				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive.String()),
+				handler.NewCol(IDPRelationalAllowCreationCol, e.IsCreationAllowed),
+				handler.NewCol(IDPRelationalAllowLinkingCol, e.IsLinkingAllowed),
+				handler.NewCol(IDPRelationalAllowAutoCreationCol, e.IsAutoCreation),
+				handler.NewCol(IDPRelationalAllowAutoUpdateCol, e.IsAutoUpdate),
+				handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOption(e.AutoLinkingOption).String()),
+				handler.NewCol(CreatedAt, e.CreationDate()),
+				handler.NewCol(IDPRelationalPayloadCol, payload),
+			},
+		),
+	), nil
+
 	// return handler.NewMultiStatement(
 	// 	&idpEvent,
-	// 	ops...,
+	// 	handler.AddCreateStatement(
+	// 		[]handler.Column{
+	// 			handler.NewCol(IDPTemplateIDCol, idpEvent.ID),
+	// 			handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()),
+	// 			handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
+	// 			handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
+	// 			handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner),
+	// 			handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
+	// 			handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive),
+	// 			handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
+	// 			handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType),
+	// 			handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGithub),
+	// 			handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
+	// 			handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
+	// 			handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
+	// 			handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
+	// 			handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption),
+	// 		},
+	// 	),
+	// 	handler.AddCreateStatement(
+	// 		[]handler.Column{
+	// 			handler.NewCol(GitHubIDCol, idpEvent.ID),
+	// 			handler.NewCol(GitHubInstanceIDCol, idpEvent.Aggregate().InstanceID),
+	// 			handler.NewCol(GitHubClientIDCol, idpEvent.ClientID),
+	// 			handler.NewCol(GitHubClientSecretCol, idpEvent.ClientSecret),
+	// 			handler.NewCol(GitHubScopesCol, database.TextArray[string](idpEvent.Scopes)),
+	// 		},
+	// 		handler.WithTableSuffix(IDPTemplateGitHubSuffix),
+	// 	),
 	// ), nil
 }

-// func (p *idpTemplateProjection) reduceGitHubIDPAdded(event eventstore.Event) (*handler.Statement, error) {
-// 	var idpEvent idp.GitHubIDPAddedEvent
-// 	var idpOwnerType domain.IdentityProviderType
-// 	switch e := event.(type) {
-// 	case *org.GitHubIDPAddedEvent:
-// 		idpEvent = e.GitHubIDPAddedEvent
-// 		idpOwnerType = domain.IdentityProviderTypeOrg
-// 	case *instance.GitHubIDPAddedEvent:
-// 		idpEvent = e.GitHubIDPAddedEvent
-// 		idpOwnerType = domain.IdentityProviderTypeSystem
-// 	default:
-// 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-x9a022b", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPAddedEventType, instance.GitHubIDPAddedEventType})
-// 	}
-
-// 	return handler.NewMultiStatement(
-// 		&idpEvent,
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(IDPTemplateIDCol, idpEvent.ID),
-// 				handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
-// 				handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner),
-// 				handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive),
-// 				handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
-// 				handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType),
-// 				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGitHub),
-// 				handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
-// 				handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
-// 				handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
-// 				handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
-// 				handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption),
-// 			},
-// 		),
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(GitHubIDCol, idpEvent.ID),
-// 				handler.NewCol(GitHubInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(GitHubClientIDCol, idpEvent.ClientID),
-// 				handler.NewCol(GitHubClientSecretCol, idpEvent.ClientSecret),
-// 				handler.NewCol(GitHubScopesCol, database.TextArray[string](idpEvent.Scopes)),
-// 			},
-// 			handler.WithTableSuffix(IDPTemplateGitHubSuffix),
-// 		),
-// 	), nil
-// }
-
 // func (p *idpTemplateProjection) reduceGitHubEnterpriseIDPAdded(event eventstore.Event) (*handler.Statement, error) {
 // 	var idpEvent idp.GitHubEnterpriseIDPAddedEvent
 // 	var idpOwnerType domain.IdentityProviderType
@@ -1234,46 +1241,83 @@ func (p *idpTemplateRelationalProjection) reduceAzureADIDPRelationalChanged(even
 // 	), nil
 // }

-// func (p *idpTemplateProjection) reduceGitHubIDPChanged(event eventstore.Event) (*handler.Statement, error) {
-// 	var idpEvent idp.GitHubIDPChangedEvent
-// 	switch e := event.(type) {
-// 	case *org.GitHubIDPChangedEvent:
-// 		idpEvent = e.GitHubIDPChangedEvent
-// 	case *instance.GitHubIDPChangedEvent:
-// 		idpEvent = e.GitHubIDPChangedEvent
-// 	default:
-// 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType})
-// 	}
+func (p *idpTemplateRelationalProjection) reduceGitHubIDPRelationalChanged(event eventstore.Event) (*handler.Statement, error) {
+	// var idpEvent idp.GitHubIDPChangedEvent
+	// switch e := event.(type) {
+	// case *org.GitHubIDPChangedEvent:
+	// 	idpEvent = e.GitHubIDPChangedEvent
+	// case *instance.GitHubIDPChangedEvent:
+	// 	idpEvent = e.GitHubIDPChangedEvent
+	// default:
+	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType})
+	// }

-// 	ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
-// 	ops = append(ops,
-// 		handler.AddUpdateStatement(
-// 			reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges),
-// 			[]handler.Condition{
-// 				handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
-// 				handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 			},
-// 		),
-// 	)
-// 	githubCols := reduceGitHubIDPChangedColumns(idpEvent)
-// 	if len(githubCols) > 0 {
-// 		ops = append(ops,
-// 			handler.AddUpdateStatement(
-// 				githubCols,
-// 				[]handler.Condition{
-// 					handler.NewCond(GitHubIDCol, idpEvent.ID),
-// 					handler.NewCond(GitHubInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				},
-// 				handler.WithTableSuffix(IDPTemplateGitHubSuffix),
-// 			),
-// 		)
-// 	}
+	e, ok := event.(*instance.GitHubIDPChangedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitHubIDPChangedEventType, instance.GitHubIDPChangedEventType})
+	}

-// 	return handler.NewMultiStatement(
-// 		&idpEvent,
-// 		ops...,
-// 	), nil
-// }
+	github, err := p.idpRepo.GetGithub(context.Background(), p.idpRepo.IDCondition(e.ID), e.Agg.InstanceID, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	columns := make([]handler.Column, 0, 7)
+	reduceIDPRelationalChangedTemplateColumns(e.Name, e.OptionChanges, &columns)
+
+	payload := &github.Github
+	payloadChanged := reduceGitHubIDPRelationalChangedColumns(payload, &e.GitHubIDPChangedEvent)
+	if payloadChanged {
+		payload, err := json.Marshal(payload)
+		if err != nil {
+			return nil, err
+		}
+		columns = append(columns, handler.NewCol(IDPRelationalPayloadCol, payload))
+	}
+
+	fmt.Printf("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> *e.Name = %+v\n", *e.Name)
+	fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> UPDATE GITHUB")
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddUpdateStatement(
+			columns,
+			[]handler.Condition{
+				handler.NewCond(IDPTemplateIDCol, e.ID),
+				handler.NewCond(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+			},
+		),
+	), nil
+
+	// ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
+	// ops = append(ops,
+	// 	handler.AddUpdateStatement(
+	// 		reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges),
+	// 		[]handler.Condition{
+	// 			handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
+	// 			handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
+	// 		},
+	// 	),
+	// )
+	// githubCols := reduceGitHubIDPChangedColumns(idpEvent)
+	// if len(githubCols) > 0 {
+	// 	ops = append(ops,
+	// 		handler.AddUpdateStatement(
+	// 			githubCols,
+	// 			[]handler.Condition{
+	// 				handler.NewCond(GitHubIDCol, idpEvent.ID),
+	// 				handler.NewCond(GitHubInstanceIDCol, idpEvent.Aggregate().InstanceID),
+	// 			},
+	// 			handler.WithTableSuffix(IDPTemplateGitHubSuffix),
+	// 		),
+	// 	)
+	// }
+
+	// return handler.NewMultiStatement(
+	// 	&idpEvent,
+	// 	ops...,
+	// ), nil
+}

 // func (p *idpTemplateProjection) reduceGitHubEnterpriseIDPChanged(event eventstore.Event) (*handler.Statement, error) {
 // 	var idpEvent idp.GitHubEnterpriseIDPChangedEvent
@@ -2391,3 +2435,20 @@ func reduceAzureADIDPRelationalChangedColumns(payload *domain.Azure, idpEvent *i
 	}
 	return payloadChange
 }
+
+func reduceGitHubIDPRelationalChangedColumns(payload *domain.Github, idpEvent *idp.GitHubIDPChangedEvent) bool {
+	payloadChange := false
+	if idpEvent.ClientID != nil {
+		payloadChange = true
+		payload.ClientID = *idpEvent.ClientID
+	}
+	if idpEvent.ClientSecret != nil {
+		payloadChange = true
+		payload.ClientSecret = idpEvent.ClientSecret
+	}
+	if idpEvent.Scopes != nil {
+		payloadChange = true
+		payload.Scopes = idpEvent.Scopes
+	}
+	return payloadChange
+}