feat: specify login UI version on instance and apps (#9071)

# Which Problems Are Solved To be able to migrate or test the new login UI, admins might want to (temporarily) switch individual apps. At a later point admin might want to make sure all applications use the new login UI. # How the Problems Are Solved - Added a feature flag `` on instance level to require all apps to use the new login and provide an optional base url. - if the flag is enabled, all (OIDC) applications will automatically use the v2 login. - if disabled, applications can decide based on their configuration - Added an option on OIDC apps to use the new login UI and an optional base url. - Removed the requirement to use `x-zitadel-login-client` to be redirected to the login V2 and retrieve created authrequest and link them to SSO sessions. - Added a new "IAM_LOGIN_CLIENT" role to allow management of users, sessions, grants and more without `x-zitadel-login-client`. # Additional Changes None # Additional Context closes https://github.com/zitadel/zitadel/issues/8702
2025-08-11 18:07:31 +00:00 · 2024-12-19 10:37:46 +01:00
parent b5e92a6144
commit 50d2b26a28
89 changed files with 1670 additions and 321 deletions
--- a/internal/feature/feature.go
+++ b/internal/feature/feature.go
@@ -1,6 +1,9 @@
 package feature

-import "slices"
+import (
+	"net/url"
+	"slices"
+)

 //go:generate enumer -type Key -transform snake -trimprefix Key
 type Key int
@@ -19,6 +22,7 @@ const (
 	KeyOIDCSingleV1SessionTermination
 	KeyDisableUserTokenEvent
 	KeyEnableBackChannelLogout
+	KeyLoginV2
 )

 //go:generate enumer -type Level -transform snake -trimprefix Level
@@ -47,6 +51,7 @@ type Features struct {
 	OIDCSingleV1SessionTermination  bool                      `json:"oidc_single_v1_session_termination,omitempty"`
 	DisableUserTokenEvent           bool                      `json:"disable_user_token_event,omitempty"`
 	EnableBackChannelLogout         bool                      `json:"enable_back_channel_logout,omitempty"`
+	LoginV2                         LoginV2                   `json:"login_v2,omitempty"`
 }

 type ImprovedPerformanceType int32
@@ -63,3 +68,8 @@ const (
 func (f Features) ShouldUseImprovedPerformance(typ ImprovedPerformanceType) bool {
 	return slices.Contains(f.ImprovedPerformance, typ)
 }
+
+type LoginV2 struct {
+	Required bool     `json:"required,omitempty"`
+	BaseURI  *url.URL `json:"base_uri,omitempty"`
+}
--- a/internal/feature/key_enumer.go
+++ b/internal/feature/key_enumer.go
@@ -7,11 +7,11 @@ import (
 	"strings"
 )

-const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logout"
+const _KeyName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2"

-var _KeyIndex = [...]uint8{0, 11, 28, 61, 81, 92, 106, 113, 133, 140, 163, 197, 221, 247}
+var _KeyIndex = [...]uint8{0, 11, 28, 61, 81, 92, 106, 113, 133, 140, 163, 197, 221, 247, 255}

-const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logout"
+const _KeyLowerName = "unspecifiedlogin_default_orgtrigger_introspection_projectionslegacy_introspectionuser_schematoken_exchangeactionsimproved_performanceweb_keydebug_oidc_parent_erroroidc_single_v1_session_terminationdisable_user_token_eventenable_back_channel_logoutlogin_v2"

 func (i Key) String() string {
 	if i < 0 || i >= Key(len(_KeyIndex)-1) {
@@ -37,9 +37,10 @@ func _KeyNoOp() {
 	_ = x[KeyOIDCSingleV1SessionTermination-(10)]
 	_ = x[KeyDisableUserTokenEvent-(11)]
 	_ = x[KeyEnableBackChannelLogout-(12)]
+	_ = x[KeyLoginV2-(13)]
 }

-var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange, KeyActions, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout}
+var _KeyValues = []Key{KeyUnspecified, KeyLoginDefaultOrg, KeyTriggerIntrospectionProjections, KeyLegacyIntrospection, KeyUserSchema, KeyTokenExchange, KeyActions, KeyImprovedPerformance, KeyWebKey, KeyDebugOIDCParentError, KeyOIDCSingleV1SessionTermination, KeyDisableUserTokenEvent, KeyEnableBackChannelLogout, KeyLoginV2}

 var _KeyNameToValueMap = map[string]Key{
 	_KeyName[0:11]:         KeyUnspecified,
@@ -68,6 +69,8 @@ var _KeyNameToValueMap = map[string]Key{
 	_KeyLowerName[197:221]: KeyDisableUserTokenEvent,
 	_KeyName[221:247]:      KeyEnableBackChannelLogout,
 	_KeyLowerName[221:247]: KeyEnableBackChannelLogout,
+	_KeyName[247:255]:      KeyLoginV2,
+	_KeyLowerName[247:255]: KeyLoginV2,
 }

 var _KeyNames = []string{
@@ -84,6 +87,7 @@ var _KeyNames = []string{
 	_KeyName[163:197],
 	_KeyName[197:221],
 	_KeyName[221:247],
+	_KeyName[247:255],
 }

 // KeyString retrieves an enum value from the enum constants string name.