feat: add ldap external idp to login api (#5938)

* fix: handling of ldap login through separate endpoint * fix: handling of ldap login through separate endpoint * fix: handling of ldap login through separate endpoint * fix: successful intent for ldap * fix: successful intent for ldap * fix: successful intent for ldap * fix: add changes from code review * fix: remove set intent credentials and handle ldap errors * fix: remove set intent credentials and handle ldap errors * refactor into separate methods and fix merge * remove mocks --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 18:17:35 +00:00 · 2023-08-16 13:29:57 +02:00
parent 1b923425cd
commit 52f68f8db8
27 changed files with 726 additions and 149 deletions
--- a/proto/zitadel/user/v2alpha/idp.proto
+++ b/proto/zitadel/user/v2alpha/idp.proto
@@ -9,6 +9,67 @@ import "google/protobuf/struct.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";

+message LDAPCredentials {
+  string username = 1[
+    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "Username used to login through LDAP"
+      min_length: 1;
+      max_length: 200;
+      example: "\"username\"";
+    }
+  ];
+  string password = 2[
+    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "Password used to login through LDAP"
+      min_length: 1;
+      max_length: 200;
+      example: "\"Password1!\"";
+    }
+  ];
+}
+
+message RedirectURLs {
+  string success_url = 1 [
+    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "URL on which the user will be redirected after a successful login"
+      min_length: 1;
+      max_length: 200;
+      example: "\"https://custom.com/login/idp/success\"";
+    }
+  ];
+  string failure_url = 2 [
+    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "URL on which the user will be redirected after a failed login"
+      min_length: 1;
+      max_length: 200;
+      example: "\"https://custom.com/login/idp/fail\"";
+    }
+  ];
+}
+
+message Intent {
+  string intent_id = 1 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "ID of the intent"
+      min_length: 1;
+      max_length: 200;
+      example: "\"163840776835432705=\"";
+    }
+  ];
+  string token = 2 [
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+      description: "token of the intent"
+      min_length: 1;
+      max_length: 200;
+      example: "\"SJKL3ioIDpo342ioqw98fjp3sdf32wahb=\"";
+    }
+  ];
+}
+
 message IDPInformation{
  oneof access{
    IDPOAuthAccessInformation oauth = 1 [
@@ -16,6 +77,11 @@ message IDPInformation{
        description: "OAuth/OIDC access (and id_token) returned by the identity provider"
      }
    ];
+    IDPLDAPAccessInformation ldap = 6 [
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        description: "LDAP entity attributes returned by the identity provider"
+      }
+    ];
  }
  string idp_id = 2 [
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -47,6 +113,10 @@ message IDPOAuthAccessInformation{
  optional string id_token = 2;
 }

+message IDPLDAPAccessInformation{
+  google.protobuf.Struct attributes = 1;
+}
+
 message IDPLink {
  string idp_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
--- a/proto/zitadel/user/v2alpha/user_service.proto
+++ b/proto/zitadel/user/v2alpha/user_service.proto
@@ -1082,24 +1082,11 @@ message StartIdentityProviderFlowRequest{
      example: "\"163840776835432705\"";
    }
  ];
-  string success_url = 2 [
-    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "URL on which the user will be redirected after a successful login"
-      min_length: 1;
-      max_length: 200;
-      example: "\"https://custom.com/login/idp/success\"";
-    }
-  ];
-  string failure_url = 3 [
-    (validate.rules).string = {min_len: 1, max_len: 200, uri_ref: true},
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "URL on which the user will be redirected after a failed login"
-      min_length: 1;
-      max_length: 200;
-      example: "\"https://custom.com/login/idp/fail\"";
-    }
-  ];
+
+  oneof content {
+    RedirectURLs urls = 2;
+    LDAPCredentials ldap = 3;
+  }
 }

 message StartIdentityProviderFlowResponse{
@@ -1111,6 +1098,11 @@ message StartIdentityProviderFlowResponse{
        example: "\"https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&callback=https%3A%2F%2Fzitadel.cloud%2Fidps%2Fcallback\"";
      }
    ];
+    Intent intent = 3 [
+      (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+        description: "Intent information"
+      }
+    ];
  }
 }