feat: add personal access tokens for service users (#2974)

* feat: add machine tokens * fix test * rename to pat * fix merge and tests * fix scopes * fix migration version * fix test * Update internal/repository/user/personal_access_token.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-11 21:17:32 +00:00 · 2022-02-08 09:37:28 +01:00
parent 3bf9adece5
commit 699fdaf68e
32 changed files with 1838 additions and 30 deletions
--- a/internal/command/user_converter.go
+++ b/internal/command/user_converter.go
@@ -1,6 +1,9 @@
 package command

 import (
+	"encoding/base64"
+
+	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/repository/user"
 )
@@ -97,6 +100,18 @@ func keyWriteModelToMachineKey(wm *MachineKeyWriteModel) *domain.MachineKey {
 	}
 }

+func personalTokenWriteModelToToken(wm *PersonalAccessTokenWriteModel, algorithm crypto.EncryptionAlgorithm) (*domain.Token, string, error) {
+	encrypted, err := algorithm.Encrypt([]byte(wm.TokenID + ":" + wm.AggregateID))
+	if err != nil {
+		return nil, "", err
+	}
+	return &domain.Token{
+		ObjectRoot: writeModelToObjectRoot(wm.WriteModel),
+		TokenID:    wm.TokenID,
+		Expiration: wm.ExpirationDate,
+	}, base64.RawURLEncoding.EncodeToString(encrypted), nil
+}
+
 func readModelToU2FTokens(wm *HumanU2FTokensReadModel) []*domain.WebAuthNToken {
 	tokens := make([]*domain.WebAuthNToken, len(wm.WebAuthNTokens))
 	for i, token := range wm.WebAuthNTokens {