fix: some backend bugs (#1438)

* fix: fix setup * fix oidc app change * fix: fix migration and proto * fix: fix granted projects * setup1 apis instead of apps * fix: add object detail with creation date * fix user phone change * add localizer to AddOIDCAppResponse * fix test * fix domain test * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 01:47:33 +00:00 · 2021-03-19 18:46:26 +01:00
parent 24527bd354
commit 6b1f7ba333
58 changed files with 578 additions and 429 deletions
--- a/internal/api/grpc/admin/iam_member.go
+++ b/internal/api/grpc/admin/iam_member.go
@@ -33,7 +33,7 @@ func (s *Server) AddIAMMember(ctx context.Context, req *admin_pb.AddIAMMemberReq
 		return nil, err
 	}
 	return &admin_pb.AddIAMMemberResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -47,7 +47,7 @@ func (s *Server) UpdateIAMMember(ctx context.Context, req *admin_pb.UpdateIAMMem
 		return nil, err
 	}
 	return &admin_pb.UpdateIAMMemberResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -61,6 +61,6 @@ func (s *Server) RemoveIAMMember(ctx context.Context, req *admin_pb.RemoveIAMMem
 		return nil, err
 	}
 	return &admin_pb.RemoveIAMMemberResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/admin/idp.go
+++ b/internal/api/grpc/admin/idp.go
@@ -34,7 +34,7 @@ func (s *Server) AddOIDCIDP(ctx context.Context, req *admin_pb.AddOIDCIDPRequest
 	}
 	return &admin_pb.AddOIDCIDPResponse{
 		IdpId: config.AggregateID,
-		Details: object_pb.ToDetailsPb(
+		Details: object_pb.AddToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -48,7 +48,7 @@ func (s *Server) UpdateIDP(ctx context.Context, req *admin_pb.UpdateIDPRequest)
 		return nil, err
 	}
 	return &admin_pb.UpdateIDPResponse{
-		Details: object_pb.ToDetailsPb(
+		Details: object_pb.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -61,7 +61,7 @@ func (s *Server) DeactivateIDP(ctx context.Context, req *admin_pb.DeactivateIDPR
 	if err != nil {
 		return nil, err
 	}
-	return &admin_pb.DeactivateIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+	return &admin_pb.DeactivateIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
 }

 func (s *Server) ReactivateIDP(ctx context.Context, req *admin_pb.ReactivateIDPRequest) (*admin_pb.ReactivateIDPResponse, error) {
@@ -69,7 +69,7 @@ func (s *Server) ReactivateIDP(ctx context.Context, req *admin_pb.ReactivateIDPR
 	if err != nil {
 		return nil, err
 	}
-	return &admin_pb.ReactivateIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+	return &admin_pb.ReactivateIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
 }

 func (s *Server) RemoveIDP(ctx context.Context, req *admin_pb.RemoveIDPRequest) (*admin_pb.RemoveIDPResponse, error) {
@@ -85,7 +85,7 @@ func (s *Server) RemoveIDP(ctx context.Context, req *admin_pb.RemoveIDPRequest)
 	if err != nil {
 		return nil, err
 	}
-	return &admin_pb.RemoveIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+	return &admin_pb.RemoveIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
 }

 func (s *Server) UpdateIDPOIDCConfig(ctx context.Context, req *admin_pb.UpdateIDPOIDCConfigRequest) (*admin_pb.UpdateIDPOIDCConfigResponse, error) {
@@ -94,7 +94,7 @@ func (s *Server) UpdateIDPOIDCConfig(ctx context.Context, req *admin_pb.UpdateID
 		return nil, err
 	}
 	return &admin_pb.UpdateIDPOIDCConfigResponse{
-		Details: object_pb.ToDetailsPb(
+		Details: object_pb.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
--- a/internal/api/grpc/admin/label_policy.go
+++ b/internal/api/grpc/admin/label_policy.go
@@ -22,7 +22,7 @@ func (s *Server) UpdateLabelPolicy(ctx context.Context, req *admin_pb.UpdateLabe
 		return nil, err
 	}
 	return &admin_pb.UpdateLabelPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
--- a/internal/api/grpc/admin/login_policy.go
+++ b/internal/api/grpc/admin/login_policy.go
@@ -27,7 +27,7 @@ func (s *Server) UpdateLoginPolicy(ctx context.Context, p *admin_pb.UpdateLoginP
 		return nil, err
 	}
 	return &admin_pb.UpdateLoginPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -52,7 +52,7 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *admin_pb.AddIDPTo
 		return nil, err
 	}
 	return &admin_pb.AddIDPToLoginPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			idp.Sequence,
 			idp.ChangeDate,
 			idp.ResourceOwner,
@@ -70,7 +70,7 @@ func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *admin_pb.Rem
 		return nil, err
 	}
 	return &admin_pb.RemoveIDPFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -92,7 +92,7 @@ func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *admin_pb
 		return nil, err
 	}
 	return &admin_pb.AddSecondFactorToLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }

@@ -102,7 +102,7 @@ func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *adm
 		return nil, err
 	}
 	return &admin_pb.RemoveSecondFactorFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -124,7 +124,7 @@ func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *admin_pb.
 		return nil, err
 	}
 	return &admin_pb.AddMultiFactorToLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }

@@ -134,6 +134,6 @@ func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *admi
 		return nil, err
 	}
 	return &admin_pb.RemoveMultiFactorFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -42,6 +42,6 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
 		return nil, err
 	}
 	return &admin_pb.SetUpOrgResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/admin/org_iam_policy.go
+++ b/internal/api/grpc/admin/org_iam_policy.go
@@ -32,7 +32,7 @@ func (s *Server) AddCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.AddCus
 		return nil, err
 	}
 	return &admin_pb.AddCustomOrgIAMPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -46,7 +46,7 @@ func (s *Server) UpdateOrgIAMPolicy(ctx context.Context, req *admin_pb.UpdateOrg
 		return nil, err
 	}
 	return &admin_pb.UpdateOrgIAMPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -60,7 +60,7 @@ func (s *Server) UpdateCustomOrgIAMPolicy(ctx context.Context, req *admin_pb.Upd
 		return nil, err
 	}
 	return &admin_pb.UpdateCustomOrgIAMPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
--- a/internal/api/grpc/admin/password_age.go
+++ b/internal/api/grpc/admin/password_age.go
@@ -24,7 +24,7 @@ func (s *Server) UpdatePasswordAgePolicy(ctx context.Context, req *admin_pb.Upda
 		return nil, err
 	}
 	return &admin_pb.UpdatePasswordAgePolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
--- a/internal/api/grpc/admin/password_complexity.go
+++ b/internal/api/grpc/admin/password_complexity.go
@@ -22,7 +22,7 @@ func (s *Server) UpdatePasswordComplexityPolicy(ctx context.Context, req *admin_
 		return nil, err
 	}
 	return &admin_pb.UpdatePasswordComplexityPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
--- a/internal/api/grpc/admin/password_lockout.go
+++ b/internal/api/grpc/admin/password_lockout.go
@@ -22,7 +22,7 @@ func (s *Server) UpdatePasswordLockoutPolicy(ctx context.Context, req *admin_pb.
 		return nil, err
 	}
 	return &admin_pb.UpdatePasswordLockoutPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
--- a/internal/api/grpc/auth/email.go
+++ b/internal/api/grpc/auth/email.go
@@ -31,7 +31,7 @@ func (s *Server) SetMyEmail(ctx context.Context, req *auth_pb.SetMyEmailRequest)
 		return nil, err
 	}
 	return &auth_pb.SetMyEmailResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			email.Sequence,
 			email.ChangeDate,
 			email.ResourceOwner,
@@ -46,7 +46,7 @@ func (s *Server) VerifyMyEmail(ctx context.Context, req *auth_pb.VerifyMyEmailRe
 		return nil, err
 	}
 	return &auth_pb.VerifyMyEmailResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -57,6 +57,6 @@ func (s *Server) ResendMyEmailVerification(ctx context.Context, _ *auth_pb.Resen
 		return nil, err
 	}
 	return &auth_pb.ResendMyEmailVerificationResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/idp.go
+++ b/internal/api/grpc/auth/idp.go
@@ -29,6 +29,6 @@ func (s *Server) RemoveMyLinkedIDP(ctx context.Context, req *auth_pb.RemoveMyLin
 		return nil, err
 	}
 	return &auth_pb.RemoveMyLinkedIDPResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/multi_factor.go
+++ b/internal/api/grpc/auth/multi_factor.go
@@ -29,7 +29,7 @@ func (s *Server) AddMyAuthFactorOTP(ctx context.Context, _ *auth_pb.AddMyAuthFac
 	return &auth_pb.AddMyAuthFactorOTPResponse{
 		Url:    otp.Url,
 		Secret: otp.SecretString,
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			otp.Sequence,
 			otp.ChangeDate,
 			otp.ResourceOwner,
@@ -44,7 +44,7 @@ func (s *Server) VerifyMyAuthFactorOTP(ctx context.Context, req *auth_pb.VerifyM
 		return nil, err
 	}
 	return &auth_pb.VerifyMyAuthFactorOTPResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -55,7 +55,7 @@ func (s *Server) RemoveMyAuthFactorOTP(ctx context.Context, _ *auth_pb.RemoveMyA
 		return nil, err
 	}
 	return &auth_pb.RemoveMyAuthFactorOTPResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -70,7 +70,7 @@ func (s *Server) AddMyAuthFactorU2F(ctx context.Context, _ *auth_pb.AddMyAuthFac
 			Id:        u2f.WebAuthNTokenID,
 			PublicKey: u2f.CredentialCreationData,
 		},
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			u2f.Sequence,
 			u2f.ChangeDate,
 			u2f.ResourceOwner,
@@ -85,7 +85,7 @@ func (s *Server) VerifyMyAuthFactorU2F(ctx context.Context, req *auth_pb.VerifyM
 		return nil, err
 	}
 	return &auth_pb.VerifyMyAuthFactorU2FResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -96,6 +96,6 @@ func (s *Server) RemoveMyAuthFactorU2F(ctx context.Context, req *auth_pb.RemoveM
 		return nil, err
 	}
 	return &auth_pb.RemoveMyAuthFactorU2FResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/password.go
+++ b/internal/api/grpc/auth/password.go
@@ -15,6 +15,6 @@ func (s *Server) UpdateMyPassword(ctx context.Context, req *auth_pb.UpdateMyPass
 		return nil, err
 	}
 	return &auth_pb.UpdateMyPasswordResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/passwordless.go
+++ b/internal/api/grpc/auth/passwordless.go
@@ -27,7 +27,7 @@ func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPassword
 	}
 	return &auth_pb.AddMyPasswordlessResponse{
 		Key: user_grpc.WebAuthNTokenToWebAuthNKeyPb(u2f),
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			u2f.Sequence,
 			u2f.ChangeDate,
 			u2f.ResourceOwner,
@@ -42,7 +42,7 @@ func (s *Server) VerifyMyPasswordless(ctx context.Context, req *auth_pb.VerifyMy
 		return nil, err
 	}
 	return &auth_pb.VerifyMyPasswordlessResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -53,6 +53,6 @@ func (s *Server) RemoveMyPasswordless(ctx context.Context, req *auth_pb.RemoveMy
 		return nil, err
 	}
 	return &auth_pb.RemoveMyPasswordlessResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/phone.go
+++ b/internal/api/grpc/auth/phone.go
@@ -26,12 +26,12 @@ func (s *Server) GetMyPhone(ctx context.Context, _ *auth_pb.GetMyPhoneRequest) (
 }

 func (s *Server) SetMyPhone(ctx context.Context, req *auth_pb.SetMyPhoneRequest) (*auth_pb.SetMyPhoneResponse, error) {
-	phone, err := s.command.ChangeHumanPhone(ctx, UpdateMyPhoneToDomain(ctx, req))
+	phone, err := s.command.ChangeHumanPhone(ctx, UpdateMyPhoneToDomain(ctx, req), authz.GetCtxData(ctx).ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.SetMyPhoneResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			phone.Sequence,
 			phone.ChangeDate,
 			phone.ResourceOwner,
@@ -48,7 +48,7 @@ func (s *Server) VerifyMyPhone(ctx context.Context, req *auth_pb.VerifyMyPhoneRe

 	//TODO: response from business
 	return &auth_pb.VerifyMyPhoneResponse{
-		//Details: object.DomainToDetailsPb(objectDetails),
+		//Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -59,7 +59,7 @@ func (s *Server) ResendMyPhoneVerification(ctx context.Context, _ *auth_pb.Resen
 		return nil, err
 	}
 	return &auth_pb.ResendMyPhoneVerificationResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -70,6 +70,6 @@ func (s *Server) RemoveMyPhone(ctx context.Context, _ *auth_pb.RemoveMyPhoneRequ
 		return nil, err
 	}
 	return &auth_pb.RemoveMyPhoneResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/auth/profile.go
+++ b/internal/api/grpc/auth/profile.go
@@ -30,7 +30,7 @@ func (s *Server) UpdateMyProfile(ctx context.Context, req *auth_pb.UpdateMyProfi
 		return nil, err
 	}
 	return &auth_pb.UpdateMyProfileResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			profile.Sequence,
 			profile.ChangeDate,
 			profile.ResourceOwner,
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -50,7 +50,7 @@ func (s *Server) UpdateMyUserName(ctx context.Context, req *auth_pb.UpdateMyUser
 		return nil, err
 	}
 	return &auth_pb.UpdateMyUserNameResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

--- a/internal/api/grpc/idp/converter.go
+++ b/internal/api/grpc/idp/converter.go
@@ -232,6 +232,17 @@ func IDPProviderTypeFromPb(typ idp_pb.IDPOwnerType) domain.IdentityProviderType
 	}
 }

+func IDPProviderTypeModelFromPb(typ idp_pb.IDPOwnerType) iam_model.IDPProviderType {
+	switch typ {
+	case idp_pb.IDPOwnerType_IDP_OWNER_TYPE_ORG:
+		return iam_model.IDPProviderTypeOrg
+	case idp_pb.IDPOwnerType_IDP_OWNER_TYPE_SYSTEM:
+		return iam_model.IDPProviderTypeSystem
+	default:
+		return iam_model.IDPProviderTypeOrg
+	}
+}
+
 func IDPIDQueryToModel(query *idp_pb.IDPIDQuery) *iam_model.IDPConfigSearchQuery {
 	return &iam_model.IDPConfigSearchQuery{
 		Key:    iam_model.IDPConfigSearchKeyIdpConfigID, //TODO: whats the difference between idpconfigid and aggregateid search key?
@@ -247,3 +258,11 @@ func IDPNameQueryToModel(query *idp_pb.IDPNameQuery) *iam_model.IDPConfigSearchQ
 		Value:  query.Name,
 	}
 }
+
+func IDPOwnerTypeQueryToModel(query *idp_pb.IDPOwnerTypeQuery) *iam_model.IDPConfigSearchQuery {
+	return &iam_model.IDPConfigSearchQuery{
+		Key:    iam_model.IDPConfigSearchKeyName,
+		Method: domain.SearchMethodEquals,
+		Value:  IDPProviderTypeModelFromPb(query.OwnerType),
+	}
+}
--- a/internal/api/grpc/management/idp.go
+++ b/internal/api/grpc/management/idp.go
@@ -36,7 +36,7 @@ func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRe
 	}
 	return &mgmt_pb.AddOrgOIDCIDPResponse{
 		IdpId: config.AggregateID,
-		Details: object_pb.ToDetailsPb(
+		Details: object_pb.AddToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -48,14 +48,14 @@ func (s *Server) DeactivateOrgIDP(ctx context.Context, req *mgmt_pb.DeactivateOr
 	if err != nil {
 		return nil, err
 	}
-	return &mgmt_pb.DeactivateOrgIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+	return &mgmt_pb.DeactivateOrgIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
 }
 func (s *Server) ReactivateOrgIDP(ctx context.Context, req *mgmt_pb.ReactivateOrgIDPRequest) (*mgmt_pb.ReactivateOrgIDPResponse, error) {
 	objectDetails, err := s.command.ReactivateDefaultIDPConfig(ctx, req.IdpId)
 	if err != nil {
 		return nil, err
 	}
-	return &mgmt_pb.ReactivateOrgIDPResponse{Details: object_pb.DomainToDetailsPb(objectDetails)}, nil
+	return &mgmt_pb.ReactivateOrgIDPResponse{Details: object_pb.DomainToChangeDetailsPb(objectDetails)}, nil
 }
 func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequest) (*mgmt_pb.RemoveOrgIDPResponse, error) {
 	idpProviders, err := s.org.GetIDPProvidersByIDPConfigID(ctx, authz.GetCtxData(ctx).OrgID, req.IdpId)
@@ -78,7 +78,7 @@ func (s *Server) UpdateOrgIDP(ctx context.Context, req *mgmt_pb.UpdateOrgIDPRequ
 		return nil, err
 	}
 	return &mgmt_pb.UpdateOrgIDPResponse{
-		Details: object_pb.ToDetailsPb(
+		Details: object_pb.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
--- a/internal/api/grpc/management/idp_converter.go
+++ b/internal/api/grpc/management/idp_converter.go
@@ -76,6 +76,8 @@ func idpQueryToModel(query *mgmt_pb.IDPQuery) *iam_model.IDPConfigSearchQuery {
 		return idp_grpc.IDPNameQueryToModel(q.IdpNameQuery)
 	case *mgmt_pb.IDPQuery_IdpIdQuery:
 		return idp_grpc.IDPIDQueryToModel(q.IdpIdQuery)
+	case *mgmt_pb.IDPQuery_OwnerTypeQuery:
+		return idp_grpc.IDPOwnerTypeQueryToModel(q.OwnerTypeQuery)
 	default:
 		return nil
 	}
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -50,7 +50,7 @@ func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_
 	}
 	return &mgmt_pb.AddOrgResponse{
 		Id: org.AggregateID,
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			org.Sequence,
 			org.ChangeDate,
 			org.ResourceOwner,
@@ -64,7 +64,7 @@ func (s *Server) DeactivateOrg(ctx context.Context, req *mgmt_pb.DeactivateOrgRe
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateOrgResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -74,7 +74,7 @@ func (s *Server) ReactivateOrg(ctx context.Context, req *mgmt_pb.ReactivateOrgRe
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateOrgResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, err
 }

@@ -113,7 +113,7 @@ func (s *Server) AddOrgDomain(ctx context.Context, req *mgmt_pb.AddOrgDomainRequ
 		return nil, err
 	}
 	return &mgmt_pb.AddOrgDomainResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			domain.Sequence,
 			domain.ChangeDate,
 			domain.ResourceOwner,
@@ -127,7 +127,7 @@ func (s *Server) RemoveOrgDomain(ctx context.Context, req *mgmt_pb.RemoveOrgDoma
 		return nil, err
 	}
 	return &mgmt_pb.RemoveOrgDomainResponse{
-		Details: object.DomainToDetailsPb(details),
+		Details: object.DomainToChangeDetailsPb(details),
 	}, err
 }

@@ -159,7 +159,7 @@ func (s *Server) ValidateOrgDomain(ctx context.Context, req *mgmt_pb.ValidateOrg
 		return nil, err
 	}
 	return &mgmt_pb.ValidateOrgDomainResponse{
-		Details: object.DomainToDetailsPb(details),
+		Details: object.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -169,7 +169,7 @@ func (s *Server) SetPrimaryOrgDomain(ctx context.Context, req *mgmt_pb.SetPrimar
 		return nil, err
 	}
 	return &mgmt_pb.SetPrimaryOrgDomainResponse{
-		Details: object.DomainToDetailsPb(details),
+		Details: object.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -217,7 +217,7 @@ func (s *Server) AddOrgMember(ctx context.Context, req *mgmt_pb.AddOrgMemberRequ
 		return nil, err
 	}
 	return &mgmt_pb.AddOrgMemberResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			addedMember.Sequence,
 			addedMember.ChangeDate,
 			addedMember.ResourceOwner,
@@ -231,7 +231,7 @@ func (s *Server) UpdateOrgMember(ctx context.Context, req *mgmt_pb.UpdateOrgMemb
 		return nil, err
 	}
 	return &mgmt_pb.UpdateOrgMemberResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			changedMember.Sequence,
 			changedMember.ChangeDate,
 			changedMember.ResourceOwner,
@@ -245,6 +245,6 @@ func (s *Server) RemoveOrgMember(ctx context.Context, req *mgmt_pb.RemoveOrgMemb
 		return nil, err
 	}
 	return &mgmt_pb.RemoveOrgMemberResponse{
-		Details: object.DomainToDetailsPb(details),
+		Details: object.DomainToChangeDetailsPb(details),
 	}, nil
 }
--- a/internal/api/grpc/management/policy_login.go
+++ b/internal/api/grpc/management/policy_login.go
@@ -35,7 +35,7 @@ func (s *Server) AddCustomLoginPolicy(ctx context.Context, req *mgmt_pb.AddCusto
 		return nil, err
 	}
 	return &mgmt_pb.AddCustomLoginPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -49,7 +49,7 @@ func (s *Server) UpdateCustomLoginPolicy(ctx context.Context, req *mgmt_pb.Updat
 		return nil, err
 	}
 	return &mgmt_pb.UpdateCustomLoginPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -63,7 +63,7 @@ func (s *Server) ResetLoginPolicyToDefault(ctx context.Context, req *mgmt_pb.Res
 		return nil, err
 	}
 	return &mgmt_pb.ResetLoginPolicyToDefaultResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -84,7 +84,7 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *mgmt_pb.AddIDPToL
 		return nil, err
 	}
 	return &mgmt_pb.AddIDPToLoginPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			idp.Sequence,
 			idp.ChangeDate,
 			idp.ResourceOwner,
@@ -102,7 +102,7 @@ func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.Remo
 		return nil, err
 	}
 	return &mgmt_pb.RemoveIDPFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -124,7 +124,7 @@ func (s *Server) AddSecondFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.
 		return nil, err
 	}
 	return &mgmt_pb.AddSecondFactorToLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }

@@ -134,7 +134,7 @@ func (s *Server) RemoveSecondFactorFromLoginPolicy(ctx context.Context, req *mgm
 		return nil, err
 	}
 	return &mgmt_pb.RemoveSecondFactorFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -156,7 +156,7 @@ func (s *Server) AddMultiFactorToLoginPolicy(ctx context.Context, req *mgmt_pb.A
 		return nil, err
 	}
 	return &mgmt_pb.AddMultiFactorToLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }

@@ -166,6 +166,6 @@ func (s *Server) RemoveMultiFactorFromLoginPolicy(ctx context.Context, req *mgmt
 		return nil, err
 	}
 	return &mgmt_pb.RemoveMultiFactorFromLoginPolicyResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/management/policy_password_age.go
+++ b/internal/api/grpc/management/policy_password_age.go
@@ -34,7 +34,7 @@ func (s *Server) AddCustomPasswordAgePolicy(ctx context.Context, req *mgmt_pb.Ad
 		return nil, err
 	}
 	return &mgmt_pb.AddCustomPasswordAgePolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
@@ -48,7 +48,7 @@ func (s *Server) UpdateCustomPasswordAgePolicy(ctx context.Context, req *mgmt_pb
 		return nil, err
 	}
 	return &mgmt_pb.UpdateCustomPasswordAgePolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
@@ -62,6 +62,6 @@ func (s *Server) ResetPasswordAgePolicyToDefault(ctx context.Context, req *mgmt_
 		return nil, err
 	}
 	return &mgmt_pb.ResetPasswordAgePolicyToDefaultResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/management/policy_password_complexity.go
+++ b/internal/api/grpc/management/policy_password_complexity.go
@@ -30,7 +30,7 @@ func (s *Server) AddCustomPasswordComplexityPolicy(ctx context.Context, req *mgm
 		return nil, err
 	}
 	return &mgmt_pb.AddCustomPasswordComplexityPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
@@ -44,7 +44,7 @@ func (s *Server) UpdateCustomPasswordComplexityPolicy(ctx context.Context, req *
 		return nil, err
 	}
 	return &mgmt_pb.UpdateCustomPasswordComplexityPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			result.Sequence,
 			result.ChangeDate,
 			result.ResourceOwner,
@@ -58,6 +58,6 @@ func (s *Server) ResetPasswordComplexityPolicyToDefault(ctx context.Context, req
 		return nil, err
 	}
 	return &mgmt_pb.ResetPasswordComplexityPolicyToDefaultResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/management/policy_password_lockout.go
+++ b/internal/api/grpc/management/policy_password_lockout.go
@@ -30,7 +30,7 @@ func (s *Server) AddCustomPasswordLockoutPolicy(ctx context.Context, req *mgmt_p
 		return nil, err
 	}
 	return &mgmt_pb.AddCustomPasswordLockoutPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -44,7 +44,7 @@ func (s *Server) UpdateCustomPasswordLockoutPolicy(ctx context.Context, req *mgm
 		return nil, err
 	}
 	return &mgmt_pb.UpdateCustomPasswordLockoutPolicyResponse{
-		Details: object.ToDetailsPb(
+		Details: object.ChangeToDetailsPb(
 			policy.Sequence,
 			policy.ChangeDate,
 			policy.ResourceOwner,
@@ -58,6 +58,6 @@ func (s *Server) ResetPasswordLockoutPolicyToDefault(ctx context.Context, req *m
 		return nil, err
 	}
 	return &mgmt_pb.ResetPasswordLockoutPolicyToDefaultResponse{
-		Details: object.DomainToDetailsPb(objectDetails),
+		Details: object.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
--- a/internal/api/grpc/management/project.go
+++ b/internal/api/grpc/management/project.go
@@ -56,7 +56,7 @@ func (s *Server) ListGrantedProjects(ctx context.Context, req *mgmt_pb.ListGrant
 	if err != nil {
 		return nil, err
 	}
-	queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	queries.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
 	projects, err := s.project.SearchGrantedProjects(ctx, queries)
 	if err != nil {
 		return nil, err
@@ -90,7 +90,7 @@ func (s *Server) AddProject(ctx context.Context, req *mgmt_pb.AddProjectRequest)
 	}
 	return &mgmt_pb.AddProjectResponse{
 		Id: project.AggregateID,
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.AddToDetailsPb(
 			project.Sequence,
 			project.ChangeDate,
 			project.ResourceOwner,
@@ -104,7 +104,7 @@ func (s *Server) UpdateProject(ctx context.Context, req *mgmt_pb.UpdateProjectRe
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			project.Sequence,
 			project.ChangeDate,
 			project.ResourceOwner,
@@ -118,7 +118,7 @@ func (s *Server) DeactivateProject(ctx context.Context, req *mgmt_pb.DeactivateP
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateProjectResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -128,7 +128,7 @@ func (s *Server) ReactivateProject(ctx context.Context, req *mgmt_pb.ReactivateP
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateProjectResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -142,7 +142,7 @@ func (s *Server) RemoveProject(ctx context.Context, req *mgmt_pb.RemoveProjectRe
 		return nil, err
 	}
 	return &mgmt_pb.RemoveProjectResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -172,7 +172,7 @@ func (s *Server) AddProjectRole(ctx context.Context, req *mgmt_pb.AddProjectRole
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectRoleResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.AddToDetailsPb(
 			role.Sequence,
 			role.ChangeDate,
 			role.ResourceOwner,
@@ -186,7 +186,7 @@ func (s *Server) BulkAddProjectRoles(ctx context.Context, req *mgmt_pb.BulkAddPr
 		return nil, err
 	}
 	return &mgmt_pb.BulkAddProjectRolesResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToAddDetailsPb(details),
 	}, nil
 }

@@ -196,7 +196,7 @@ func (s *Server) UpdateProjectRole(ctx context.Context, req *mgmt_pb.UpdateProje
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectRoleResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			role.Sequence,
 			role.ChangeDate,
 			role.ResourceOwner,
@@ -218,7 +218,7 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProje
 		return nil, err
 	}
 	return &mgmt_pb.RemoveProjectRoleResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -256,7 +256,7 @@ func (s *Server) AddProjectMember(ctx context.Context, req *mgmt_pb.AddProjectMe
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectMemberResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.AddToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -270,7 +270,7 @@ func (s *Server) UpdateProjectMember(ctx context.Context, req *mgmt_pb.UpdatePro
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectMemberResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -284,6 +284,6 @@ func (s *Server) RemoveProjectMember(ctx context.Context, req *mgmt_pb.RemovePro
 		return nil, err
 	}
 	return &mgmt_pb.RemoveProjectMemberResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }
--- a/internal/api/grpc/management/project_application.go
+++ b/internal/api/grpc/management/project_application.go
@@ -58,7 +58,7 @@ func (s *Server) AddOIDCApp(ctx context.Context, req *mgmt_pb.AddOIDCAppRequest)
 	}
 	return &mgmt_pb.AddOIDCAppResponse{
 		AppId:              app.AppID,
-		Details:            object_grpc.ToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
+		Details:            object_grpc.AddToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
 		ClientId:           app.ClientID,
 		ClientSecret:       app.ClientSecretString,
 		NoneCompliant:      app.Compliance.NoneCompliant,
@@ -73,7 +73,7 @@ func (s *Server) AddAPIApp(ctx context.Context, req *mgmt_pb.AddAPIAppRequest) (
 	}
 	return &mgmt_pb.AddAPIAppResponse{
 		AppId:        app.AppID,
-		Details:      object_grpc.ToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
+		Details:      object_grpc.AddToDetailsPb(app.Sequence, app.ChangeDate, app.ResourceOwner),
 		ClientId:     app.ClientID,
 		ClientSecret: app.ClientSecretString,
 	}, nil
@@ -85,7 +85,7 @@ func (s *Server) UpdateApp(ctx context.Context, req *mgmt_pb.UpdateAppRequest) (
 		return nil, err
 	}
 	return &mgmt_pb.UpdateAppResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -95,7 +95,7 @@ func (s *Server) UpdateOIDCAppConfig(ctx context.Context, req *mgmt_pb.UpdateOID
 		return nil, err
 	}
 	return &mgmt_pb.UpdateOIDCAppConfigResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -109,7 +109,7 @@ func (s *Server) UpdateAPIAppConfig(ctx context.Context, req *mgmt_pb.UpdateAPIA
 		return nil, err
 	}
 	return &mgmt_pb.UpdateAPIAppConfigResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -123,7 +123,7 @@ func (s *Server) DeactivateApp(ctx context.Context, req *mgmt_pb.DeactivateAppRe
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateAppResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -133,7 +133,7 @@ func (s *Server) ReactivateApp(ctx context.Context, req *mgmt_pb.ReactivateAppRe
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateAppResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -143,7 +143,7 @@ func (s *Server) RemoveApp(ctx context.Context, req *mgmt_pb.RemoveAppRequest) (
 		return nil, err
 	}
 	return &mgmt_pb.RemoveAppResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -154,7 +154,7 @@ func (s *Server) RegenerateOIDCClientSecret(ctx context.Context, req *mgmt_pb.Re
 	}
 	return &mgmt_pb.RegenerateOIDCClientSecretResponse{
 		ClientSecret: config.ClientSecretString,
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -169,7 +169,7 @@ func (s *Server) RegenerateAPIClientSecret(ctx context.Context, req *mgmt_pb.Reg
 	}
 	return &mgmt_pb.RegenerateAPIClientSecretResponse{
 		ClientSecret: config.ClientSecretString,
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
 			config.ResourceOwner,
@@ -217,7 +217,7 @@ func (s *Server) AddAppKey(ctx context.Context, req *mgmt_pb.AddAppKeyRequest) (
 	}
 	return &mgmt_pb.AddAppKeyResponse{
 		Id:         key.KeyID,
-		Details:    object_grpc.ToDetailsPb(key.Sequence, key.ChangeDate, key.ResourceOwner),
+		Details:    object_grpc.AddToDetailsPb(key.Sequence, key.ChangeDate, key.ResourceOwner),
 		KeyDetails: keyDetails,
 	}, nil
 }
@@ -228,6 +228,6 @@ func (s *Server) RemoveAppKey(ctx context.Context, req *mgmt_pb.RemoveAppKeyRequ
 		return nil, err
 	}
 	return &mgmt_pb.RemoveAppKeyResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }
--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -47,7 +47,7 @@ func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGra
 	}
 	return &mgmt_pb.AddProjectGrantResponse{
 		GrantId: grant.GrantID,
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.AddToDetailsPb(
 			grant.Sequence,
 			grant.ChangeDate,
 			grant.ResourceOwner,
@@ -65,7 +65,7 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProj
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectGrantResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			grant.Sequence,
 			grant.ChangeDate,
 			grant.ResourceOwner,
@@ -79,7 +79,7 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.Deacti
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateProjectGrantResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -89,7 +89,7 @@ func (s *Server) ReactivateProjectGrant(ctx context.Context, req *mgmt_pb.Reacti
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateProjectGrantResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -99,7 +99,7 @@ func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProj
 		return nil, err
 	}
 	return &mgmt_pb.RemoveProjectGrantResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -132,7 +132,7 @@ func (s *Server) AddProjectGrantMember(ctx context.Context, req *mgmt_pb.AddProj
 		return nil, err
 	}
 	return &mgmt_pb.AddProjectGrantMemberResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.AddToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -146,7 +146,7 @@ func (s *Server) UpdateProjectGrantMember(ctx context.Context, req *mgmt_pb.Upda
 		return nil, err
 	}
 	return &mgmt_pb.UpdateProjectGrantMemberResponse{
-		Details: object_grpc.ToDetailsPb(
+		Details: object_grpc.ChangeToDetailsPb(
 			member.Sequence,
 			member.ChangeDate,
 			member.ResourceOwner,
@@ -160,6 +160,6 @@ func (s *Server) RemoveProjectGrantMember(ctx context.Context, req *mgmt_pb.Remo
 		return nil, err
 	}
 	return &mgmt_pb.RemoveProjectGrantMemberResponse{
-		Details: object_grpc.DomainToDetailsPb(details),
+		Details: object_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -79,7 +79,7 @@ func (s *Server) AddHumanUser(ctx context.Context, req *mgmt_pb.AddHumanUserRequ
 	}
 	return &mgmt_pb.AddHumanUserResponse{
 		UserId: human.AggregateID,
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.AddToDetailsPb(
 			human.Sequence,
 			human.ChangeDate,
 			human.ResourceOwner,
@@ -94,7 +94,7 @@ func (s *Server) AddMachineUser(ctx context.Context, req *mgmt_pb.AddMachineUser
 	}
 	return &mgmt_pb.AddMachineUserResponse{
 		UserId: machine.AggregateID,
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.AddToDetailsPb(
 			machine.Sequence,
 			machine.ChangeDate,
 			machine.ResourceOwner,
@@ -108,7 +108,7 @@ func (s *Server) DeactivateUser(ctx context.Context, req *mgmt_pb.DeactivateUser
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateUserResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -118,7 +118,7 @@ func (s *Server) ReactivateUser(ctx context.Context, req *mgmt_pb.ReactivateUser
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateUserResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -128,7 +128,7 @@ func (s *Server) LockUser(ctx context.Context, req *mgmt_pb.LockUserRequest) (*m
 		return nil, err
 	}
 	return &mgmt_pb.LockUserResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -138,7 +138,7 @@ func (s *Server) UnlockUser(ctx context.Context, req *mgmt_pb.UnlockUserRequest)
 		return nil, err
 	}
 	return &mgmt_pb.UnlockUserResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -152,7 +152,7 @@ func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest)
 		return nil, err
 	}
 	return &mgmt_pb.RemoveUserResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -170,7 +170,7 @@ func (s *Server) UpdateUserName(ctx context.Context, req *mgmt_pb.UpdateUserName
 		return nil, err
 	}
 	return &mgmt_pb.UpdateUserNameResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -196,7 +196,7 @@ func (s *Server) UpdateHumanProfile(ctx context.Context, req *mgmt_pb.UpdateHuma
 		return nil, err
 	}
 	return &mgmt_pb.UpdateHumanProfileResponse{
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.ChangeToDetailsPb(
 			profile.Sequence,
 			profile.ChangeDate,
 			profile.ResourceOwner,
@@ -226,7 +226,7 @@ func (s *Server) UpdateHumanEmail(ctx context.Context, req *mgmt_pb.UpdateHumanE
 		return nil, err
 	}
 	return &mgmt_pb.UpdateHumanEmailResponse{
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.ChangeToDetailsPb(
 			email.Sequence,
 			email.ChangeDate,
 			email.ResourceOwner,
@@ -240,7 +240,7 @@ func (s *Server) ResendHumanInitialization(ctx context.Context, req *mgmt_pb.Res
 		return nil, err
 	}
 	return &mgmt_pb.ResendHumanInitializationResponse{
-		Details: obj_grpc.DomainToDetailsPb(details),
+		Details: obj_grpc.DomainToChangeDetailsPb(details),
 	}, nil
 }

@@ -250,7 +250,7 @@ func (s *Server) ResendHumanEmailVerification(ctx context.Context, req *mgmt_pb.
 		return nil, err
 	}
 	return &mgmt_pb.ResendHumanEmailVerificationResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -271,12 +271,12 @@ func (s *Server) GetHumanPhone(ctx context.Context, req *mgmt_pb.GetHumanPhoneRe
 }

 func (s *Server) UpdateHumanPhone(ctx context.Context, req *mgmt_pb.UpdateHumanPhoneRequest) (*mgmt_pb.UpdateHumanPhoneResponse, error) {
-	phone, err := s.command.ChangeHumanPhone(ctx, UpdateHumanPhoneRequestToDomain(req))
+	phone, err := s.command.ChangeHumanPhone(ctx, UpdateHumanPhoneRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.UpdateHumanPhoneResponse{
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.ChangeToDetailsPb(
 			phone.Sequence,
 			phone.ChangeDate,
 			phone.ResourceOwner,
@@ -290,7 +290,7 @@ func (s *Server) RemoveHumanPhone(ctx context.Context, req *mgmt_pb.RemoveHumanP
 		return nil, err
 	}
 	return &mgmt_pb.RemoveHumanPhoneResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -300,7 +300,7 @@ func (s *Server) ResendHumanPhoneVerification(ctx context.Context, req *mgmt_pb.
 		return nil, err
 	}
 	return &mgmt_pb.ResendHumanPhoneVerificationResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -310,7 +310,7 @@ func (s *Server) SetHumanInitialPassword(ctx context.Context, req *mgmt_pb.SetHu
 		return nil, err
 	}
 	return &mgmt_pb.SetHumanInitialPasswordResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -320,7 +320,7 @@ func (s *Server) SendHumanResetPasswordNotification(ctx context.Context, req *mg
 		return nil, err
 	}
 	return &mgmt_pb.SendHumanResetPasswordNotificationResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -340,7 +340,7 @@ func (s *Server) RemoveHumanAuthFactorOTP(ctx context.Context, req *mgmt_pb.Remo
 		return nil, err
 	}
 	return &mgmt_pb.RemoveHumanAuthFactorOTPResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -350,7 +350,7 @@ func (s *Server) RemoveHumanAuthFactorU2F(ctx context.Context, req *mgmt_pb.Remo
 		return nil, err
 	}
 	return &mgmt_pb.RemoveHumanAuthFactorU2FResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -370,7 +370,7 @@ func (s *Server) RemoveHumanPasswordless(ctx context.Context, req *mgmt_pb.Remov
 		return nil, err
 	}
 	return &mgmt_pb.RemoveHumanPasswordlessResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -380,7 +380,7 @@ func (s *Server) UpdateMachine(ctx context.Context, req *mgmt_pb.UpdateMachineRe
 		return nil, err
 	}
 	return &mgmt_pb.UpdateMachineResponse{
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.ChangeToDetailsPb(
 			machine.Sequence,
 			machine.ChangeDate,
 			machine.ResourceOwner,
@@ -425,7 +425,7 @@ func (s *Server) AddMachineKey(ctx context.Context, req *mgmt_pb.AddMachineKeyRe
 	return &mgmt_pb.AddMachineKeyResponse{
 		KeyId:      key.KeyID,
 		KeyDetails: keyDetails,
-		Details: object.ToDetailsPb(
+		Details: object.AddToDetailsPb(
 			key.Sequence,
 			key.ChangeDate,
 			key.ResourceOwner,
@@ -439,7 +439,7 @@ func (s *Server) RemoveMachineKey(ctx context.Context, req *mgmt_pb.RemoveMachin
 		return nil, err
 	}
 	return &mgmt_pb.RemoveMachineKeyResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -463,7 +463,7 @@ func (s *Server) RemoveHumanLinkedIDP(ctx context.Context, req *mgmt_pb.RemoveHu
 		return nil, err
 	}
 	return &mgmt_pb.RemoveHumanLinkedIDPResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

--- a/internal/api/grpc/management/user_converter.go
+++ b/internal/api/grpc/management/user_converter.go
@@ -93,6 +93,7 @@ func UpdateHumanProfileRequestToDomain(req *mgmt_pb.UpdateHumanProfileRequest) *

 func UpdateHumanEmailRequestToDomain(req *mgmt_pb.UpdateHumanEmailRequest) *domain.Email {
 	return &domain.Email{
+		ObjectRoot:      models.ObjectRoot{AggregateID: req.UserId},
 		EmailAddress:    req.Email,
 		IsEmailVerified: req.IsEmailVerified,
 	}
@@ -100,6 +101,7 @@ func UpdateHumanEmailRequestToDomain(req *mgmt_pb.UpdateHumanEmailRequest) *doma

 func UpdateHumanPhoneRequestToDomain(req *mgmt_pb.UpdateHumanPhoneRequest) *domain.Phone {
 	return &domain.Phone{
+		ObjectRoot:      models.ObjectRoot{AggregateID: req.UserId},
 		PhoneNumber:     req.Phone,
 		IsPhoneVerified: req.IsPhoneVerified,
 	}
--- a/internal/api/grpc/management/user_grant.go
+++ b/internal/api/grpc/management/user_grant.go
@@ -43,7 +43,7 @@ func (s *Server) AddUserGrant(ctx context.Context, req *mgmt_pb.AddUserGrantRequ
 	}
 	return &mgmt_pb.AddUserGrantResponse{
 		UserGrantId: grant.AggregateID,
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.AddToDetailsPb(
 			grant.Sequence,
 			grant.ChangeDate,
 			grant.ResourceOwner,
@@ -57,7 +57,7 @@ func (s *Server) UpdateUserGrant(ctx context.Context, req *mgmt_pb.UpdateUserGra
 		return nil, err
 	}
 	return &mgmt_pb.UpdateUserGrantResponse{
-		Details: obj_grpc.ToDetailsPb(
+		Details: obj_grpc.ChangeToDetailsPb(
 			grant.Sequence,
 			grant.ChangeDate,
 			grant.ResourceOwner,
@@ -71,7 +71,7 @@ func (s *Server) DeactivateUserGrant(ctx context.Context, req *mgmt_pb.Deactivat
 		return nil, err
 	}
 	return &mgmt_pb.DeactivateUserGrantResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -81,7 +81,7 @@ func (s *Server) ReactivateUserGrant(ctx context.Context, req *mgmt_pb.Reactivat
 		return nil, err
 	}
 	return &mgmt_pb.ReactivateUserGrantResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

@@ -91,7 +91,7 @@ func (s *Server) RemoveUserGrant(ctx context.Context, req *mgmt_pb.RemoveUserGra
 		return nil, err
 	}
 	return &mgmt_pb.RemoveUserGrantResponse{
-		Details: obj_grpc.DomainToDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }

--- a/internal/api/grpc/object/converter.go
+++ b/internal/api/grpc/object/converter.go
@@ -10,10 +10,18 @@ import (
 	object_pb "github.com/caos/zitadel/pkg/grpc/object"
 )

-func DomainToDetailsPb(objectDetail *domain.ObjectDetails) *object_pb.ObjectDetails {
+func DomainToChangeDetailsPb(objectDetail *domain.ObjectDetails) *object_pb.ObjectDetails {
 	return &object_pb.ObjectDetails{
 		Sequence:      objectDetail.Sequence,
-		ChangeDate:    timestamppb.New(objectDetail.ChangeDate),
+		ChangeDate:    timestamppb.New(objectDetail.EventDate),
+		ResourceOwner: objectDetail.ResourceOwner,
+	}
+}
+
+func DomainToAddDetailsPb(objectDetail *domain.ObjectDetails) *object_pb.ObjectDetails {
+	return &object_pb.ObjectDetails{
+		Sequence:      objectDetail.Sequence,
+		CreationDate:  timestamppb.New(objectDetail.EventDate),
 		ResourceOwner: objectDetail.ResourceOwner,
 	}
 }
@@ -32,7 +40,7 @@ func ToViewDetailsPb(
 	}
 }

-func ToDetailsPb(
+func ChangeToDetailsPb(
 	sequence uint64,
 	changeDate time.Time,
 	resourceOwner string,
@@ -44,6 +52,18 @@ func ToDetailsPb(
 	}
 }

+func AddToDetailsPb(
+	sequence uint64,
+	creationDate time.Time,
+	resourceOwner string,
+) *object_pb.ObjectDetails {
+	return &object_pb.ObjectDetails{
+		Sequence:      sequence,
+		CreationDate:  timestamppb.New(creationDate),
+		ResourceOwner: resourceOwner,
+	}
+}
+
 func ToListDetails(
 	totalResult,
 	processedSequence uint64,
--- a/internal/api/grpc/org/converter.go
+++ b/internal/api/grpc/org/converter.go
@@ -71,10 +71,10 @@ func OrgToPb(org *grant_model.Org) *org_pb.Org {
 		Id:   org.OrgID,
 		Name: org.OrgName,
 		// State: OrgStateToPb(org.State), //TODO: not provided
-		// Details: object.ToDetailsPb(//TODO: not provided
+		// Details: object.ChangeToDetailsPb(//TODO: not provided
 		// 	org.Sequence,//TODO: not provided
 		// 	org.CreationDate,//TODO: not provided
-		// 	org.ChangeDate,//TODO: not provided
+		// 	org.EventDate,//TODO: not provided
 		// 	org.ResourceOwner,//TODO: not provided
 		// ),//TODO: not provided
 	}