TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 00:27:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: specify login UI version on instance and apps (#9071)

Browse Source 
# Which Problems Are Solved

To be able to migrate or test the new login UI, admins might want to
(temporarily) switch individual apps.
At a later point admin might want to make sure all applications use the
new login UI.

# How the Problems Are Solved

- Added a feature flag `` on instance level to require all apps to use
the new login and provide an optional base url.
- if the flag is enabled, all (OIDC) applications will automatically use
the v2 login.
  - if disabled, applications can decide based on their configuration
- Added an option on OIDC apps to use the new login UI and an optional
base url.
- Removed the requirement to use `x-zitadel-login-client` to be
redirected to the login V2 and retrieve created authrequest and link
them to SSO sessions.
- Added a new "IAM_LOGIN_CLIENT" role to allow management of users,
sessions, grants and more without `x-zitadel-login-client`.

# Additional Changes

None

# Additional Context

closes https://github.com/zitadel/zitadel/issues/8702
This commit is contained in:
Livio Spring
2024-12-19 10:37:46 +01:00
committed by GitHub
parent b5e92a6144
commit 50d2b26a28
89 changed files with 1670 additions and 321 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
internal/api/oidc/client_converter.go
View File

@@ -15,6 +15,10 @@ import (
"github.com/zitadel/zitadel/internal/query"
)
const (
LoginAuthRequestParam = "authRequest"
)
type Client struct {
client *query.OIDCClient
defaultLoginURL string
@@ -49,10 +53,21 @@ func (c *Client) GetID() string {
}
func (c *Client) LoginURL(id string) string {
if strings.HasPrefix(id, command.IDPrefixV2) {
// if the authRequest does not have the v2 prefix, it was created for login V1
if !strings.HasPrefix(id, command.IDPrefixV2) {
return c.defaultLoginURL + id
}
// any v2 login without a specific base uri will be sent to the configured login v2 UI
// this way we're also backwards compatible
if c.client.LoginBaseURI == nil || c.client.LoginBaseURI.URL().String() == "" {
return c.defaultLoginURLV2 + id
}
return c.defaultLoginURL + id
// for clients with a specific URI (internal or external) we only need to add the auth request id
uri := c.client.LoginBaseURI.URL().JoinPath(LoginPath)
q := uri.Query()
q.Set(LoginAuthRequestParam, id)
uri.RawQuery = q.Encode()
return uri.String()
}
func (c *Client) RedirectURIs() []string {