falling through

apps/login/src/app/(login)/idp/[provider]/success/page.tsx

@@ -3,6 +3,7 @@ import {
   addIDPLink,
   createUser,
   getBrandingSettings,
+  getIDPByID,
   retrieveIDPIntent,
 } from "@/lib/zitadel";
 import Alert, { AlertType } from "@/ui/Alert";
@@ -77,6 +78,7 @@ const PROVIDER_MAPPING: {
       },
       idpLinks: [idpLink],
     };
+
     return req;
   },
   [ProviderSlug.GITHUB]: (idp: IDPInformation) => {
@@ -120,76 +122,132 @@ export default async function Page({
   const branding = await getBrandingSettings(organization);
   if (provider && id && token) {
     return retrieveIDPIntent(id, token)
-      .then((resp) => {
+      .then(async (resp) => {
         const { idpInformation, userId } = resp;
 
-        if (idpInformation) {
+        if (userId) {
-          if (userId) {
+          // TODO: update user if idp.options.isAutoUpdate is true
-            return (
-              <DynamicTheme branding={branding}>
-                <div className="flex flex-col items-center space-y-4">
-                  <h1>Login successful</h1>
-                  <div>You have successfully been loggedIn!</div>
 
-                  <IdpSignin
+          return (
-                    userId={userId}
+            <DynamicTheme branding={branding}>
-                    idpIntent={{ idpIntentId: id, idpIntentToken: token }}
+              <div className="flex flex-col items-center space-y-4">
-                    authRequestId={authRequestId}
+                <h1>Login successful</h1>
-                  />
+                <div>You have successfully been loggedIn!</div>
-                </div>
+
-              </DynamicTheme>
+                <IdpSignin
-            );
+                  userId={userId}
-          } else {
+                  idpIntent={{ idpIntentId: id, idpIntentToken: token }}
-            return createUser(provider, idpInformation)
+                  authRequestId={authRequestId}
-              .then((userId) => {
+                />
+              </div>
+            </DynamicTheme>
+          );
+        }
+
+        if (idpInformation) {
+          const idp = await getIDPByID(idpInformation.idpId);
+          const options = idp?.config?.options;
+
+          // search for potential user via username, then link
+          if (options?.isLinkingAllowed) {
+            const userId = "";
+
+            const idpLink = await addIDPLink(
+              {
+                id: idpInformation.idpId,
+                userId: idpInformation.userId,
+                userName: idpInformation.userName,
+              },
+              userId,
+            ).catch((error) => {
+              return (
+                <DynamicTheme branding={branding}>
+                  <div className="flex flex-col items-center space-y-4">
+                    <h1>Linking failed</h1>
+                    <div className="w-full">
+                      {
+                        <Alert type={AlertType.ALERT}>
+                          {JSON.stringify(error.message)}
+                        </Alert>
+                      }
+                    </div>
+                  </div>
+                </DynamicTheme>
+              );
+            });
+
+            if (idpLink) {
+              return (
+                <DynamicTheme branding={branding}>
+                  <div className="flex flex-col items-center space-y-4">
+                    <h1>Account successfully linked</h1>
+                    <div>Your account has successfully been linked!</div>
+                  </div>
+                </DynamicTheme>
+              );
+            }
+          } else if (options?.isCreationAllowed && options.isAutoCreation) {
+            const userId = await createUser(provider, idpInformation).catch(
+              (error) => {
                 return (
                   <DynamicTheme branding={branding}>
                     <div className="flex flex-col items-center space-y-4">
-                      <h1>Register successful</h1>
+                      <h1>Register failed</h1>
-                      <div>You have successfully been registered!</div>
+                      <div className="w-full">
+                        {
+                          <Alert type={AlertType.ALERT}>
+                            {JSON.stringify(error.message)}
+                          </Alert>
+                        }
+                      </div>
                     </div>
                   </DynamicTheme>
                 );
-              })
+              },
-              .catch((error) => {
+            );
-                if (error.code === 6) {
+
-                  return addIDPLink(
+            if (userId) {
-                    {
+              return (
-                      id: idpInformation.idpId,
+                <DynamicTheme branding={branding}>
-                      userId: idpInformation.userId,
+                  <div className="flex flex-col items-center space-y-4">
-                      userName: idpInformation.userName,
+                    <h1>Register successful</h1>
-                    },
+                    <div>You have successfully been registered!</div>
-                    userId,
+                  </div>
-                  ).then(() => {
+                </DynamicTheme>
-                    return (
+              );
-                      <DynamicTheme branding={branding}>
+            }
-                        <div className="flex flex-col items-center space-y-4">
-                          <h1>Account successfully linked</h1>
-                          <div>Your account has successfully been linked!</div>
-                        </div>
-                      </DynamicTheme>
-                    );
-                  });
-                } else {
-                  return (
-                    <DynamicTheme branding={branding}>
-                      <div className="flex flex-col items-center space-y-4">
-                        <h1>Register failed</h1>
-                        <div className="w-full">
-                          {
-                            <Alert type={AlertType.ALERT}>
-                              {JSON.stringify(error.message)}
-                            </Alert>
-                          }
-                        </div>
-                      </div>
-                    </DynamicTheme>
-                  );
-                }
-              });
           }
+
+          // return login failed if no linking or creation is allowed and no user was found
+          return (
+            <DynamicTheme branding={branding}>
+              <div className="flex flex-col items-center space-y-4">
+                <h1>Login failed</h1>
+                <div className="w-full">
+                  {
+                    <Alert type={AlertType.ALERT}>
+                      User could not be logged in
+                    </Alert>
+                  }
+                </div>
+              </div>
+            </DynamicTheme>
+          );
         } else {
-          throw new Error("Could not get user information.");
+          return (
+            <DynamicTheme branding={branding}>
+              <div className="flex flex-col items-center space-y-4">
+                <h1>Login failed</h1>
+                <div className="w-full">
+                  {
+                    <Alert type={AlertType.ALERT}>
+                      Could not get user information
+                    </Alert>
+                  }
+                </div>
+              </div>
+            </DynamicTheme>
+          );
         }
       })
       .catch((error) => {

apps/login/src/lib/zitadel.ts

@@ -3,6 +3,7 @@ import {
   createSessionServiceClient,
   createSettingsServiceClient,
   createUserServiceClient,
+  createIdpServiceClient,
   makeReqCtx,
 } from "@zitadel/client/v2";
 import { createManagementServiceClient } from "@zitadel/client/v1";
@@ -12,13 +13,15 @@ import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_p
 import {
   RetrieveIdentityProviderIntentRequest,
   VerifyU2FRegistrationRequest,
+  AddHumanUserRequest,
 } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { IDPInformation, IDPLink } from "@zitadel/proto/zitadel/user/v2/idp_pb";
 
 import { CreateCallbackRequest } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
 import { TextQueryMethod } from "@zitadel/proto/zitadel/object/v2/object_pb";
 import type { RedirectURLs } from "@zitadel/proto/zitadel/user/v2/idp_pb";
 import { ProviderSlug } from "./demos";
-import { PlainMessage } from "@zitadel/client";
+import { PartialMessage, PlainMessage } from "@zitadel/client";
 
 const SESSION_LIFETIME_S = 3000;
 
@@ -34,6 +37,7 @@ export const sessionService = createSessionServiceClient(transport);
 export const managementService = createManagementServiceClient(transport);
 export const userService = createUserServiceClient(transport);
 export const oidcService = createOIDCServiceClient(transport);
+export const idpService = createIdpServiceClient(transport);
 
 export const settingsService = createSettingsServiceClient(transport);
 
@@ -355,6 +359,10 @@ export function retrieveIDPIntent(id: string, token: string) {
   );
 }
 
+export function getIDPByID(id: string) {
+  return idpService.getIDPByID({ id }, {}).then((resp) => resp.idp);
+}
+
 export function addIDPLink(
   idp: {
     id: string;

packages/zitadel-client/src/v2.ts

@@ -1,10 +1,12 @@
 import { FeatureService } from "@zitadel/proto/zitadel/feature/v2/feature_service_connect";
+import { IdentityProviderService } from "@zitadel/proto/zitadel/idp/v2/idp_service_connect";
 import { RequestContext } from "@zitadel/proto/zitadel/object/v2/object_pb";
 import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_connect";
 import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_connect";
 import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_service_connect";
 import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_connect";
 import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_connect";
+
 import { createClientFor } from "./helpers";
 
 export const createUserServiceClient = createClientFor(UserService);
@@ -13,6 +15,7 @@ export const createSessionServiceClient = createClientFor(SessionService);
 export const createOIDCServiceClient = createClientFor(OIDCService);
 export const createOrganizationServiceClient = createClientFor(OrganizationService);
 export const createFeatureServiceClient = createClientFor(FeatureService);
+export const createIdpServiceClient = createClientFor(IdentityProviderService);
 
 export function makeReqCtx(orgId: string | undefined): Partial<RequestContext> {
   return {