Merge pull request #89 from zitadel/qa

Promote qa to main (domain discovery)

.prettierrc.json

@@ -0,0 +1,5 @@
+{
+  "printWidth": 125,
+  "trailingComma": "all",
+  "plugins": ["prettier-plugin-organize-imports"]
+}

apps/login/cypress/integration/login.cy.ts

@@ -2,7 +2,7 @@ import { stub } from "../support/mock";
 
 describe("login", () => {
   beforeEach(() => {
-    stub("zitadel.session.v2beta.SessionService", "CreateSession", {
+    stub("zitadel.session.v2.SessionService", "CreateSession", {
       data: {
         details: {
           sequence: 859,
@@ -16,7 +16,7 @@ describe("login", () => {
       },
     });
 
-    stub("zitadel.session.v2beta.SessionService", "GetSession", {
+    stub("zitadel.session.v2.SessionService", "GetSession", {
       data: {
         session: {
           id: "221394658884845598",
@@ -37,7 +37,7 @@ describe("login", () => {
       },
     });
 
-    stub("zitadel.settings.v2beta.SettingsService", "GetLoginSettings", {
+    stub("zitadel.settings.v2.SettingsService", "GetLoginSettings", {
       data: {
         settings: {
           passkeysType: 1,
@@ -47,7 +47,7 @@ describe("login", () => {
   });
   describe("password login", () => {
     beforeEach(() => {
-      stub("zitadel.user.v2beta.UserService", "ListUsers", {
+      stub("zitadel.user.v2.UserService", "ListUsers", {
         data: {
           details: {
             totalResult: 1,
@@ -79,7 +79,7 @@ describe("login", () => {
           ],
         },
       });
-      stub("zitadel.user.v2beta.UserService", "ListAuthenticationMethodTypes", {
+      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
         data: {
           authMethodTypes: [1], // 1 for password authentication
         },
@@ -91,7 +91,7 @@ describe("login", () => {
     });
     describe("with passkey prompt", () => {
       beforeEach(() => {
-        stub("zitadel.session.v2beta.SessionService", "SetSession", {
+        stub("zitadel.session.v2.SessionService", "SetSession", {
           data: {
             details: {
               sequence: 859,
@@ -118,7 +118,7 @@ describe("login", () => {
   });
   describe("passkey login", () => {
     beforeEach(() => {
-      stub("zitadel.user.v2beta.UserService", "ListUsers", {
+      stub("zitadel.user.v2.UserService", "ListUsers", {
         data: {
           details: {
             totalResult: 1,
@@ -150,7 +150,7 @@ describe("login", () => {
           ],
         },
       });
-      stub("zitadel.user.v2beta.UserService", "ListAuthenticationMethodTypes", {
+      stub("zitadel.user.v2.UserService", "ListAuthenticationMethodTypes", {
         data: {
           authMethodTypes: [2], // 2 for passwordless authentication
         },

apps/login/cypress/integration/register-idp.cy.ts

@@ -4,7 +4,7 @@ const IDP_URL = "https://example.com/idp/url";
 
 describe("register idps", () => {
   beforeEach(() => {
-    stub("zitadel.user.v2beta.UserService", "StartIdentityProviderIntent", {
+    stub("zitadel.user.v2.UserService", "StartIdentityProviderIntent", {
       data: {
         authUrl: IDP_URL,
       },

apps/login/cypress/integration/register.cy.ts

@@ -2,7 +2,7 @@ import { stub } from "../support/mock";
 
 describe("register", () => {
   beforeEach(() => {
-    stub("zitadel.user.v2beta.UserService", "AddHumanUser", {
+    stub("zitadel.user.v2.UserService", "AddHumanUser", {
       data: {
         userId: "123",
       },

apps/login/cypress/integration/verify.cy.ts

@@ -2,12 +2,12 @@ import { stub } from "../support/mock";
 
 describe("/verify", () => {
   it("redirects after successful email verification", () => {
-    stub("zitadel.user.v2beta.UserService", "VerifyEmail");
+    stub("zitadel.user.v2.UserService", "VerifyEmail");
     cy.visit("/verify?userId=123&code=abc&submit=true");
     cy.location("pathname", { timeout: 10_000 }).should("eq", "/loginname");
   });
   it("shows an error if validation failed", () => {
-    stub("zitadel.user.v2beta.UserService", "VerifyEmail", {
+    stub("zitadel.user.v2.UserService", "VerifyEmail", {
       code: 3,
       error: "error validating code",
     });

apps/login/mock/initial-stubs/zitadel.settings.v2beta.SettingsService.json

@@ -1,11 +1,11 @@
 [
   {
-    "service": "zitadel.settings.v2beta.SettingsService",
+    "service": "zitadel.settings.v2.SettingsService",
     "method": "GetBrandingSettings",
     "out": {}
   },
   {
-    "service": "zitadel.settings.v2beta.SettingsService",
+    "service": "zitadel.settings.v2.SettingsService",
     "method": "GetLegalAndSupportSettings",
     "out": {
       "data": {
@@ -18,7 +18,7 @@
     }
   },
   {
-    "service": "zitadel.settings.v2beta.SettingsService",
+    "service": "zitadel.settings.v2.SettingsService",
     "method": "GetActiveIdentityProviders",
     "out": {
       "data": {
@@ -33,7 +33,7 @@
     }
   },
   {
-    "service": "zitadel.settings.v2beta.SettingsService",
+    "service": "zitadel.settings.v2.SettingsService",
     "method": "GetPasswordComplexitySettings",
     "out": {
       "data": {

apps/login/mock/mocked-services.cfg

@@ -1,6 +1,6 @@
-zitadel/user/v2beta/user_service.proto
-zitadel/session/v2beta/session_service.proto
-zitadel/settings/v2beta/settings_service.proto
+zitadel/user/v2/user_service.proto
+zitadel/session/v2/session_service.proto
+zitadel/settings/v2/settings_service.proto
 zitadel/management.proto
 zitadel/auth.proto
 zitadel/admin.proto

apps/login/package.json

@@ -36,10 +36,10 @@
     "@heroicons/react": "2.1.3",
     "@tailwindcss/forms": "0.5.7",
     "@vercel/analytics": "^1.2.2",
-    "@zitadel/proto": "workspace:*",
     "@zitadel/client": "workspace:*",
-    "@zitadel/react": "workspace:*",
     "@zitadel/node": "workspace:*",
+    "@zitadel/proto": "workspace:*",
+    "@zitadel/react": "workspace:*",
     "clsx": "1.2.1",
     "copy-to-clipboard": "^3.3.3",
     "moment": "^2.29.4",
@@ -54,7 +54,7 @@
     "tinycolor2": "1.4.2"
   },
   "devDependencies": {
-    "@bufbuild/buf": "^1.14.0",
+    "@bufbuild/buf": "^1.35.1",
     "@testing-library/jest-dom": "^6.4.5",
     "@testing-library/react": "^15.0.7",
     "@types/ms": "0.7.31",

apps/login/src/app/(login)/idp/[provider]/failure/page.tsx

@@ -1,14 +1,7 @@
 import { ProviderSlug } from "@/lib/demos";
-import { getBrandingSettings } from "@/lib/zitadel";
+import { getBrandingSettings, PROVIDER_NAME_MAPPING } from "@/lib/zitadel";
 import DynamicTheme from "@/ui/DynamicTheme";
 
-const PROVIDER_NAME_MAPPING: {
-  [provider: string]: string;
-} = {
-  [ProviderSlug.GOOGLE]: "Google",
-  [ProviderSlug.GITHUB]: "GitHub",
-};
-
 export default async function Page({
   searchParams,
   params,

apps/login/src/app/(login)/idp/[provider]/success/page.tsx

@@ -3,11 +3,8 @@ import { getBrandingSettings, userService } from "@/lib/zitadel";
 import Alert, { AlertType } from "@/ui/Alert";
 import DynamicTheme from "@/ui/DynamicTheme";
 import IdpSignin from "@/ui/IdpSignin";
-import { AddHumanUserRequest } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
-import {
-  IDPInformation,
-  IDPLink,
-} from "@zitadel/proto/zitadel/user/v2beta/idp_pb";
+import { AddHumanUserRequest } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import { IDPInformation, IDPLink } from "@zitadel/proto/zitadel/user/v2/idp_pb";
 import { PartialMessage } from "@zitadel/client";
 
 const PROVIDER_MAPPING: {

apps/login/src/app/(login)/idp/page.tsx

@@ -5,7 +5,7 @@ import {
 } from "@/lib/zitadel";
 import DynamicTheme from "@/ui/DynamicTheme";
 import { SignInWithIDP } from "@/ui/SignInWithIDP";
-import { makeReqCtx } from "@zitadel/client/v2beta";
+import { makeReqCtx } from "@zitadel/client/v2";
 
 function getIdentityProviders(orgId?: string) {
   return settingsService

apps/login/src/app/(login)/loginname/page.tsx

@@ -7,7 +7,7 @@ import {
 import DynamicTheme from "@/ui/DynamicTheme";
 import { SignInWithIDP } from "@/ui/SignInWithIDP";
 import UsernameForm from "@/ui/UsernameForm";
-import { makeReqCtx } from "@zitadel/client/v2beta";
+import { makeReqCtx } from "@zitadel/client/v2";
 
 function getIdentityProviders(orgId?: string) {
   return settingsService

apps/login/src/app/(login)/otp/[method]/set/page.tsx

@@ -14,7 +14,7 @@ import TOTPRegister from "@/ui/TOTPRegister";
 import UserAvatar from "@/ui/UserAvatar";
 import { getMostRecentCookieWithLoginname } from "@/utils/cookies";
 import Link from "next/link";
-import { RegisterTOTPResponse } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { RegisterTOTPResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 export default async function Page({
   searchParams,

apps/login/src/app/(login)/register/page.tsx

@@ -51,6 +51,9 @@ export default async function Page({
           <RegisterFormWithoutPassword
             legal={legal}
             organization={organization}
+            firstname={firstname}
+            lastname={lastname}
+            email={email}
             authRequestId={authRequestId}
           ></RegisterFormWithoutPassword>
         )}

apps/login/src/app/api/loginname/route.ts

@@ -1,12 +1,21 @@
-import { listAuthenticationMethodTypes, listUsers } from "@/lib/zitadel";
+import { ProviderSlug } from "@/lib/demos";
+import {
+  getActiveIdentityProviders,
+  getLoginSettings,
+  listAuthenticationMethodTypes,
+  listUsers,
+  PROVIDER_NAME_MAPPING,
+  startIdentityProviderFlow,
+} from "@/lib/zitadel";
 import { createSessionForUserIdAndUpdateCookie } from "@/utils/session";
+import { IdentityProviderType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 import { NextRequest, NextResponse } from "next/server";
 
 export async function POST(request: NextRequest) {
   const body = await request.json();
   if (body) {
     const { loginName, authRequestId, organization } = body;
-    return listUsers(loginName, organization).then((users) => {
+    return listUsers(loginName, organization).then(async (users) => {
       if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {
         const userId = users.result[0].userId;
         return createSessionForUserIdAndUpdateCookie(
@@ -37,6 +46,102 @@ export async function POST(request: NextRequest) {
             return NextResponse.json(error, { status: 500 });
           });
       } else {
+        const loginSettings = await getLoginSettings(organization);
+        // TODO: check if allowDomainDiscovery has to be allowed too, to redirect to the register page
+        // user not found, check if register is enabled on organization
+
+        if (
+          loginSettings?.allowRegister &&
+          !loginSettings?.allowUsernamePassword
+        ) {
+          // TODO redirect to loginname page with idp hint
+          const identityProviders = await getActiveIdentityProviders(
+            organization,
+          ).then((resp) => {
+            return resp.identityProviders;
+          });
+
+          if (identityProviders.length === 1) {
+            const host = request.nextUrl.origin;
+
+            const identityProviderType = identityProviders[0].type;
+            let provider: string;
+
+            switch (identityProviderType) {
+              case IdentityProviderType.GITHUB:
+                provider = "github";
+                break;
+              case IdentityProviderType.GOOGLE:
+                provider = "google";
+                break;
+              case IdentityProviderType.AZURE_AD:
+                provider = "azure";
+                break;
+              case IdentityProviderType.SAML:
+                provider = "saml";
+                break;
+              case IdentityProviderType.OIDC:
+                provider = "oidc";
+                break;
+              default:
+                provider = "oidc";
+                break;
+            }
+
+            const params = new URLSearchParams();
+
+            if (authRequestId) {
+              params.set("authRequestId", authRequestId);
+            }
+
+            if (organization) {
+              params.set("organization", organization);
+            }
+
+            return startIdentityProviderFlow({
+              idpId: identityProviders[0].id,
+              urls: {
+                successUrl:
+                  `${host}/idp/${provider}/success?` +
+                  new URLSearchParams(params),
+                failureUrl:
+                  `${host}/idp/${provider}/failure?` +
+                  new URLSearchParams(params),
+              },
+            }).then((resp: any) => {
+              if (resp.authUrl) {
+                return NextResponse.json({ nextStep: resp.authUrl });
+              }
+            });
+          } else {
+            return NextResponse.json(
+              { message: "Could not find user" },
+              { status: 404 },
+            );
+          }
+        } else if (
+          loginSettings?.allowRegister &&
+          loginSettings?.allowUsernamePassword
+        ) {
+          const params: any = { organization };
+          if (authRequestId) {
+            params.authRequestId = authRequestId;
+          }
+          if (loginName) {
+            params.email = loginName;
+          }
+
+          const registerUrl = new URL(
+            "/register?" + new URLSearchParams(params),
+            request.url,
+          );
+
+          return NextResponse.json({
+            nextStep: registerUrl,
+            status: 200,
+          });
+        }
+
         return NextResponse.json(
           { message: "Could not find user" },
           { status: 404 },

apps/login/src/app/api/otp/set/route.ts

@@ -6,7 +6,7 @@ import {
 } from "@/utils/cookies";
 import { setSessionAndUpdateCookie } from "@/utils/session";
 import { NextRequest, NextResponse, userAgent } from "next/server";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { PlainMessage } from "@zitadel/client";
 
 export async function POST(request: NextRequest) {

apps/login/src/app/api/u2f/verify/route.ts

@@ -1,7 +1,7 @@
 import { getSession, verifyU2FRegistration } from "@/lib/zitadel";
 import { getSessionCookieById } from "@/utils/cookies";
 import { NextRequest, NextResponse, userAgent } from "next/server";
-import { VerifyU2FRegistrationRequest } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { VerifyU2FRegistrationRequest } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { PlainMessage } from "@zitadel/client";
 
 export async function POST(request: NextRequest) {

apps/login/src/app/login/route.ts

@@ -1,16 +1,19 @@
 import {
   createCallback,
+  getActiveIdentityProviders,
   getAuthRequest,
   getOrgByDomain,
   listSessions,
+  startIdentityProviderFlow,
 } from "@/lib/zitadel";
 import { SessionCookie, getAllSessions } from "@/utils/cookies";
 import { NextRequest, NextResponse } from "next/server";
-import { Session } from "@zitadel/proto/zitadel/session/v2beta/session_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import {
   AuthRequest,
   Prompt,
-} from "@zitadel/proto/zitadel/oidc/v2beta/authorization_pb";
+} from "@zitadel/proto/zitadel/oidc/v2/authorization_pb";
+import { IdentityProviderType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 
 async function loadSessions(ids: string[]): Promise<Session[]> {
   const response = await listSessions(
@@ -22,6 +25,7 @@ async function loadSessions(ids: string[]): Promise<Session[]> {
 
 const ORG_SCOPE_REGEX = /urn:zitadel:iam:org:id:([0-9]+)/;
 const ORG_DOMAIN_SCOPE_REGEX = /urn:zitadel:iam:org:domain:primary:(.+)/; // TODO: check regex for all domain character options
+const IDP_SCOPE_REGEX = /urn:zitadel:iam:org:idp:id:(.+)/;
 
 function findSession(
   sessions: Session[],
@@ -96,16 +100,20 @@ export async function GET(request: NextRequest) {
   }
 
   if (authRequestId) {
-    console.log(`Login with authRequest: ${authRequestId}`);
     const { authRequest } = await getAuthRequest({ authRequestId });
 
     let organization = "";
+    let idpId = "";
 
     if (authRequest?.scope) {
       const orgScope = authRequest.scope.find((s: string) =>
         ORG_SCOPE_REGEX.test(s),
       );
 
+      const idpScope = authRequest.scope.find((s: string) =>
+        IDP_SCOPE_REGEX.test(s),
+      );
+
       if (orgScope) {
         const matched = ORG_SCOPE_REGEX.exec(orgScope);
         organization = matched?.[1] ?? "";
@@ -123,6 +131,76 @@ export async function GET(request: NextRequest) {
           }
         }
       }
+
+      if (idpScope) {
+        const matched = IDP_SCOPE_REGEX.exec(idpScope);
+        idpId = matched?.[1] ?? "";
+
+        const identityProviders = await getActiveIdentityProviders(
+          organization ? organization : undefined,
+        ).then((resp) => {
+          return resp.identityProviders;
+        });
+
+        const idp = identityProviders.find((idp) => idp.id === idpId);
+
+        if (idp) {
+          const host = request.nextUrl.origin;
+
+          const identityProviderType = identityProviders[0].type;
+          let provider: string;
+
+          switch (identityProviderType) {
+            case IdentityProviderType.GITHUB:
+              provider = "github";
+              break;
+            case IdentityProviderType.GOOGLE:
+              provider = "google";
+              break;
+            case IdentityProviderType.AZURE_AD:
+              provider = "azure";
+              break;
+            case IdentityProviderType.SAML:
+              provider = "saml";
+              break;
+            case IdentityProviderType.OIDC:
+              provider = "oidc";
+              break;
+            default:
+              provider = "oidc";
+              break;
+          }
+
+          const params = new URLSearchParams();
+
+          if (authRequestId) {
+            params.set("authRequestId", authRequestId);
+          }
+
+          if (organization) {
+            params.set("organization", organization);
+          }
+
+          return startIdentityProviderFlow({
+            idpId,
+            urls: {
+              successUrl:
+                `${host}/idp/${provider}/success?` +
+                new URLSearchParams(params),
+              failureUrl:
+                `${host}/idp/${provider}/failure?` +
+                new URLSearchParams(params),
+            },
+          }).then((resp) => {
+            if (
+              resp.nextStep.value &&
+              typeof resp.nextStep.value === "string"
+            ) {
+              return NextResponse.redirect(resp.nextStep.value);
+            }
+          });
+        }
+      }
     }
 
     const gotoAccounts = (): NextResponse<unknown> => {

apps/login/src/app/sessions/route.ts

@@ -1,6 +1,6 @@
 import { listSessions } from "@/lib/zitadel";
 import { SessionCookie, getAllSessions } from "@/utils/cookies";
-import { Session } from "@zitadel/proto/zitadel/session/v2beta/session_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import { NextRequest, NextResponse } from "next/server";
 
 async function loadSessions(ids: string[]): Promise<Session[]> {

apps/login/src/lib/zitadel.ts

@@ -4,18 +4,21 @@ import {
   createSettingsServiceClient,
   createUserServiceClient,
   makeReqCtx,
-} from "@zitadel/client/v2beta";
+} from "@zitadel/client/v2";
 import { createManagementServiceClient } from "@zitadel/client/v1";
 import { createServerTransport } from "@zitadel/node";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
-import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2beta/challenge_pb";
+import { GetActiveIdentityProvidersRequest } from "@zitadel/proto/zitadel/settings/v2/settings_service_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
 import {
   RetrieveIdentityProviderIntentRequest,
   VerifyU2FRegistrationRequest,
-} from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
-import { CreateCallbackRequest } from "@zitadel/proto/zitadel/oidc/v2beta/oidc_service_pb";
-import { TextQueryMethod } from "@zitadel/proto/zitadel/object/v2beta/object_pb";
-import type { RedirectURLs } from "@zitadel/proto/zitadel/user/v2beta/idp_pb";
+} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+
+import { CreateCallbackRequest } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
+import { TextQueryMethod } from "@zitadel/proto/zitadel/object/v2/object_pb";
+import type { RedirectURLs } from "@zitadel/proto/zitadel/user/v2/idp_pb";
+import { ProviderSlug } from "./demos";
 import { PlainMessage } from "@zitadel/client";
 
 const SESSION_LIFETIME_S = 3000;
@@ -290,6 +293,13 @@ export async function getOrgByDomain(domain: string) {
   return managementService.getOrgByDomainGlobal({ domain }, {});
 }
 
+export const PROVIDER_NAME_MAPPING: {
+  [provider: string]: string;
+} = {
+  [ProviderSlug.GOOGLE]: "Google",
+  [ProviderSlug.GITHUB]: "GitHub",
+};
+
 export async function startIdentityProviderFlow({
   idpId,
   urls,
@@ -426,6 +436,13 @@ export async function verifyU2FRegistration(
   return userService.verifyU2FRegistration(request, {});
 }
 
+export async function getActiveIdentityProviders(orgId?: string) {
+  return settingsService.getActiveIdentityProviders(
+    { ctx: makeReqCtx(orgId) },
+    {},
+  );
+}
+
 /**
  *
  * @param userId the id of the user where the email should be set

apps/login/src/ui/ChooseSecondFactor.tsx

@@ -5,7 +5,7 @@ import { BadgeState, StateBadge } from "./StateBadge";
 import clsx from "clsx";
 import { CheckIcon } from "@heroicons/react/24/outline";
 import { EMAIL, SMS, TOTP, U2F } from "./AuthMethods";
-import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 type Props = {
   loginName?: string;

apps/login/src/ui/ChooseSecondFactorToSetup.tsx

@@ -1,8 +1,8 @@
 "use client";
 
 import { EMAIL, SMS, TOTP, U2F } from "./AuthMethods";
-import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2beta/login_settings_pb";
-import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 type Props = {
   loginName?: string;

apps/login/src/ui/DynamicTheme.tsx

@@ -4,7 +4,7 @@ import React from "react";
 import { Logo } from "@/ui/Logo";
 import ThemeWrapper from "./ThemeWrapper";
 import { LayoutProviders } from "./LayoutProviders";
-import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2beta/branding_settings_pb";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
 
 export default function DynamicTheme({
   branding,

apps/login/src/ui/LoginOTP.tsx

@@ -8,9 +8,9 @@ import { Spinner } from "./Spinner";
 import { useForm } from "react-hook-form";
 import { TextInput } from "./Input";
 import BackButton from "./BackButton";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { PlainMessage } from "@zitadel/client";
-import { Challenges } from "@zitadel/proto/zitadel/session/v2beta/challenge_pb";
+import { Challenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
 
 // either loginName or sessionId must be provided
 type Props = {

apps/login/src/ui/LoginPasskey.tsx

@@ -7,7 +7,7 @@ import { Button, ButtonVariants } from "./Button";
 import Alert from "./Alert";
 import { Spinner } from "./Spinner";
 import BackButton from "./BackButton";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 
 // either loginName or sessionId must be provided
 type Props = {

apps/login/src/ui/PasswordComplexity.tsx

@@ -4,7 +4,7 @@ import {
   symbolValidator,
   upperCaseValidator,
 } from "@/utils/validators";
-import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2beta/password_settings_pb";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
 
 type Props = {
   passwordComplexitySettings: PasswordComplexitySettings;

apps/login/src/ui/PasswordForm.tsx

@@ -8,9 +8,9 @@ import { useRouter } from "next/navigation";
 import { Spinner } from "./Spinner";
 import Alert from "./Alert";
 import BackButton from "./BackButton";
-import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2beta/login_settings_pb";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
-import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 type Inputs = {
   password: string;

apps/login/src/ui/PrivacyPolicyCheckboxes.tsx

@@ -2,7 +2,7 @@
 import React, { useState } from "react";
 import Link from "next/link";
 import { Checkbox } from "./Checkbox";
-import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2beta/legal_settings_pb";
+import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2/legal_settings_pb";
 
 type Props = {
   legal: LegalAndSupportSettings;

apps/login/src/ui/RegisterFormWithoutPassword.tsx

@@ -12,7 +12,8 @@ import AuthenticationMethodRadio, {
 } from "./AuthenticationMethodRadio";
 import Alert from "./Alert";
 import BackButton from "./BackButton";
-import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2beta/legal_settings_pb";
+import { LegalAndSupportSettings } from "@zitadel/proto/zitadel/settings/v2/legal_settings_pb";
+import { first } from "node_modules/cypress/types/lodash";
 
 type Inputs =
   | {
@@ -24,17 +25,28 @@ type Inputs =
 
 type Props = {
   legal: LegalAndSupportSettings;
+  firstname?: string;
+  lastname?: string;
+  email?: string;
   organization?: string;
   authRequestId?: string;
 };
 
 export default function RegisterFormWithoutPassword({
   legal,
+  email,
+  firstname,
+  lastname,
   organization,
   authRequestId,
 }: Props) {
   const { register, handleSubmit, formState } = useForm<Inputs>({
     mode: "onBlur",
+    defaultValues: {
+      email: email ?? "",
+      firstName: firstname ?? "",
+      lastname: lastname ?? "",
+    },
   });
 
   const [loading, setLoading] = useState<boolean>(false);

apps/login/src/ui/RegisterPasskey.tsx

@@ -8,7 +8,7 @@ import { Spinner } from "./Spinner";
 import Alert from "./Alert";
 import { coerceToArrayBuffer, coerceToBase64Url } from "@/utils/base64";
 import BackButton from "./BackButton";
-import { RegisterPasskeyResponse } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { RegisterPasskeyResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 type Inputs = {};
 

apps/login/src/ui/RegisterU2F.tsx

@@ -8,7 +8,7 @@ import { Spinner } from "./Spinner";
 import Alert from "./Alert";
 import { coerceToArrayBuffer, coerceToBase64Url } from "@/utils/base64";
 import BackButton from "./BackButton";
-import { RegisterU2FResponse } from "@zitadel/proto/zitadel/user/v2beta/user_service_pb";
+import { RegisterU2FResponse } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 
 type Inputs = {};
 

apps/login/src/ui/SessionItem.tsx

@@ -5,7 +5,7 @@ import { useState } from "react";
 import { Avatar } from "./Avatar";
 import moment from "moment";
 import { XCircleIcon } from "@heroicons/react/24/outline";
-import { Session } from "@zitadel/proto/zitadel/session/v2beta/session_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 
 export default function SessionItem({
   session,

apps/login/src/ui/SessionsList.tsx

@@ -3,7 +3,7 @@
 import SessionItem from "./SessionItem";
 import Alert from "./Alert";
 import { useEffect, useState } from "react";
-import { Session } from "@zitadel/proto/zitadel/session/v2beta/session_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 
 type Props = {
   sessions: Session[];

apps/login/src/ui/SetPasswordForm.tsx

@@ -14,7 +14,7 @@ import {
 import { useRouter } from "next/navigation";
 import { Spinner } from "./Spinner";
 import Alert from "./Alert";
-import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2beta/password_settings_pb";
+import { PasswordComplexitySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
 
 type Inputs =
   | {
@@ -42,6 +42,11 @@ export default function SetPasswordForm({
 }: Props) {
   const { register, handleSubmit, watch, formState } = useForm<Inputs>({
     mode: "onBlur",
+    defaultValues: {
+      email: email ?? "",
+      firstname: firstname ?? "",
+      lastname: lastname ?? "",
+    },
   });
 
   const [loading, setLoading] = useState<boolean>(false);

apps/login/src/ui/SignInWithIDP.tsx

@@ -11,7 +11,7 @@ import { useRouter } from "next/navigation";
 import { ProviderSlug } from "@/lib/demos";
 import Alert from "./Alert";
 import BackButton from "./BackButton";
-import { IdentityProvider } from "@zitadel/proto/zitadel/settings/v2beta/login_settings_pb";
+import { IdentityProvider } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 
 export interface SignInWithIDPProps {
   children?: ReactNode;
@@ -19,18 +19,13 @@ export interface SignInWithIDPProps {
   identityProviders: IdentityProvider[];
   authRequestId?: string;
   organization?: string;
-  startIDPFlowPath?: (idpId: string) => string;
 }
 
-const START_IDP_FLOW_PATH = (idpId: string) =>
-  `/v2beta/users/idps/${idpId}/start`;
-
 export function SignInWithIDP({
   host,
   identityProviders,
   authRequestId,
   organization,
-  startIDPFlowPath = START_IDP_FLOW_PATH,
 }: SignInWithIDPProps) {
   // TODO: remove casting when bufbuild/protobuf-es@v2 is released
   identityProviders = identityProviders.map((idp) =>

apps/login/src/ui/ThemeWrapper.tsx

@@ -2,7 +2,7 @@
 
 import { setTheme } from "@/utils/colors";
 import { useEffect } from "react";
-import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2beta/branding_settings_pb";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
 import { PartialMessage } from "@zitadel/client";
 
 type Props = {

apps/login/src/ui/UsernameForm.tsx

@@ -10,7 +10,7 @@ import Alert from "./Alert";
 import {
   LoginSettings,
   PasskeysType,
-} from "@zitadel/proto/zitadel/settings/v2beta/login_settings_pb";
+} from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 
 type Inputs = {
   loginName: string;
@@ -82,9 +82,10 @@ export default function UsernameForm({
     values: Inputs,
     organization?: string,
   ) {
-    console.log(loginSettings);
     return submitLoginName(values, organization).then((response) => {
-      if (response.authMethodTypes.length == 1) {
+      if (response.nextStep) {
+        return router.push(response.nextStep);
+      } else if (response.authMethodTypes.length == 1) {
         const method = response.authMethodTypes[0];
         switch (method) {
           case 1: // user has only password as auth method
@@ -92,8 +93,11 @@ export default function UsernameForm({
               loginName: response.factors.user.loginName,
             };
 
-            if (organization) {
-              paramsPassword.organization = organization;
+            // TODO: does this have to be checked in loginSettings.allowDomainDiscovery
+
+            if (organization || response.factors.user.organizationId) {
+              paramsPassword.organization =
+                organization ?? response.factors.user.organizationId;
             }
 
             if (
@@ -117,8 +121,10 @@ export default function UsernameForm({
             if (authRequestId) {
               paramsPasskey.authRequestId = authRequestId;
             }
-            if (organization) {
-              paramsPasskey.organization = organization;
+
+            if (organization || response.factors.user.organizationId) {
+              paramsPasskey.organization =
+                organization ?? response.factors.user.organizationId;
             }
 
             return router.push(
@@ -134,8 +140,10 @@ export default function UsernameForm({
             if (authRequestId) {
               paramsPasskeyDefault.authRequestId = authRequestId;
             }
-            if (organization) {
-              paramsPasskeyDefault.organization = organization;
+
+            if (organization || response.factors.user.organizationId) {
+              paramsPasskeyDefault.organization =
+                organization ?? response.factors.user.organizationId;
             }
 
             return router.push(
@@ -161,8 +169,9 @@ export default function UsernameForm({
             passkeyParams.authRequestId = authRequestId;
           }
 
-          if (organization) {
-            passkeyParams.organization = organization;
+          if (organization || response.factors.user.organizationId) {
+            passkeyParams.organization =
+              organization ?? response.factors.user.organizationId;
           }
 
           return router.push(
@@ -180,8 +189,9 @@ export default function UsernameForm({
             paramsPasswordDefault.authRequestId = authRequestId;
           }
 
-          if (organization) {
-            paramsPasswordDefault.organization = organization;
+          if (organization || response.factors.user.organizationId) {
+            paramsPasswordDefault.organization =
+              organization ?? response.factors.user.organizationId;
           }
 
           return router.push(

apps/login/src/utils/colors.ts

@@ -1,5 +1,5 @@
 import tinycolor from "tinycolor2";
-import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2beta/branding_settings_pb";
+import { BrandingSettings } from "@zitadel/proto/zitadel/settings/v2/branding_settings_pb";
 import { PartialMessage } from "@zitadel/client";
 
 export interface Color {

apps/login/src/utils/session.ts

@@ -14,9 +14,9 @@ import {
 import {
   Challenges,
   RequestChallenges,
-} from "@zitadel/proto/zitadel/session/v2beta/challenge_pb";
-import { Session } from "@zitadel/proto/zitadel/session/v2beta/session_pb";
-import { Checks } from "@zitadel/proto/zitadel/session/v2beta/session_service_pb";
+} from "@zitadel/proto/zitadel/session/v2/challenge_pb";
+import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { PlainMessage } from "@zitadel/client";
 
 export async function createSessionAndUpdateCookie(
@@ -91,7 +91,6 @@ export async function createSessionForUserIdAndUpdateCookie(
   );
 
   if (createdSession) {
-    console.log("cs", createdSession);
     return getSession(
       createdSession.sessionId,
       createdSession.sessionToken,

package.json

@@ -29,6 +29,7 @@
     "eslint": "^8.57.0",
     "eslint-config-zitadel": "workspace:*",
     "prettier": "^3.2.5",
+    "prettier-plugin-organize-imports": "^4.0.0",
     "tsup": "^8.0.2",
     "turbo": "2.0.9",
     "typescript": "^5.4.5",

packages/zitadel-client/.gitignore

@@ -0,0 +1 @@
+src/proto

packages/zitadel-client/package.json

@@ -18,10 +18,10 @@
       "require": "./dist/v1.cjs",
       "types": "./dist/v1.d.ts"
     },
-    "./v2beta": {
-      "import": "./dist/v2beta.js",
-      "require": "./dist/v2beta.cjs",
-      "types": "./dist/v2beta.d.ts"
+    "./v2": {
+      "import": "./dist/v2.js",
+      "require": "./dist/v2.cjs",
+      "types": "./dist/v2.d.ts"
     },
     "./v3alpha": {
       "import": "./dist/v3alpha.js",

packages/zitadel-client/src/v2.ts

@@ -0,0 +1,21 @@
+import { FeatureService } from "@zitadel/proto/zitadel/feature/v2/feature_service_connect";
+import { RequestContext } from "@zitadel/proto/zitadel/object/v2/object_pb";
+import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_connect";
+import { OrganizationService } from "@zitadel/proto/zitadel/org/v2/org_service_connect";
+import { SessionService } from "@zitadel/proto/zitadel/session/v2/session_service_connect";
+import { SettingsService } from "@zitadel/proto/zitadel/settings/v2/settings_service_connect";
+import { UserService } from "@zitadel/proto/zitadel/user/v2/user_service_connect";
+import { createClientFor } from "./helpers";
+
+export const createUserServiceClient = createClientFor(UserService);
+export const createSettingsServiceClient = createClientFor(SettingsService);
+export const createSessionServiceClient = createClientFor(SessionService);
+export const createOIDCServiceClient = createClientFor(OIDCService);
+export const createOrganizationServiceClient = createClientFor(OrganizationService);
+export const createFeatureServiceClient = createClientFor(FeatureService);
+
+export function makeReqCtx(orgId: string | undefined): Partial<RequestContext> {
+  return {
+    resourceOwner: orgId ? { case: "orgId", value: orgId } : { case: "instance", value: true },
+  };
+}

packages/zitadel-client/src/v2beta.ts

@@ -1,28 +0,0 @@
-import type { PartialMessage } from "@bufbuild/protobuf";
-
-import { createClientFor } from "./helpers";
-import { UserService } from "@zitadel/proto/zitadel/user/v2beta/user_service_connect";
-import { SettingsService } from "@zitadel/proto/zitadel/settings/v2beta/settings_service_connect";
-import { SessionService } from "@zitadel/proto/zitadel/session/v2beta/session_service_connect";
-import { OIDCService } from "@zitadel/proto/zitadel/oidc/v2beta/oidc_service_connect";
-import { OrganizationService } from "@zitadel/proto/zitadel/org/v2beta/org_service_connect";
-import { FeatureService } from "@zitadel/proto/zitadel/feature/v2beta/feature_service_connect";
-import type { RequestContext } from "@zitadel/proto/zitadel/object/v2beta/object_pb";
-
-export const createUserServiceClient = createClientFor(UserService);
-export const createSettingsServiceClient = createClientFor(SettingsService);
-export const createSessionServiceClient = createClientFor(SessionService);
-export const createOIDCServiceClient = createClientFor(OIDCService);
-export const createOrganizationServiceClient =
-  createClientFor(OrganizationService);
-export const createFeatureServiceClient = createClientFor(FeatureService);
-
-export function makeReqCtx(
-  orgId: string | undefined,
-): PartialMessage<RequestContext> {
-  return {
-    resourceOwner: orgId
-      ? { case: "orgId", value: orgId }
-      : { case: "instance", value: true },
-  };
-}

packages/zitadel-client/src/v3alpha.ts

@@ -1,8 +1,6 @@
-import { createClientFor } from "./helpers";
 import { UserSchemaService } from "@zitadel/proto/zitadel/user/schema/v3alpha/user_schema_service_connect";
 import { UserService } from "@zitadel/proto/zitadel/user/v3alpha/user_service_connect";
-import { ActionService } from "@zitadel/proto/zitadel/action/v3alpha/action_service_connect";
+import { createClientFor } from "./helpers";
 
 export const createUserSchemaServiceClient = createClientFor(UserSchemaService);
 export const createUserServiceClient = createClientFor(UserService);
-export const createActionServiceClient = createClientFor(ActionService);

packages/zitadel-client/tsup.config.ts

@@ -1,7 +1,7 @@
 import { defineConfig, Options } from "tsup";
 
 export default defineConfig((options: Options) => ({
-  entry: ["src/index.ts", "src/v1.ts", "src/v2beta.ts", "src/v3alpha.ts"],
+  entry: ["src/index.ts", "src/v1.ts", "src/v2.ts", "src/v3alpha.ts"],
   format: ["esm", "cjs"],
   treeshake: false,
   splitting: true,

packages/zitadel-next/package.json

@@ -23,20 +23,20 @@
     "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist"
   },
   "peerDependencies": {
-    "@zitadel/react": "workspace:*",
     "@zitadel/node": "workspace:*",
+    "@zitadel/react": "workspace:*",
     "next": "^14.2.3",
     "react": "18.2.0"
   },
   "dependencies": {
-    "next": "^14.2.3"
+    "next": "^14.2.5"
   },
   "devDependencies": {
-    "@types/react": "^17.0.13",
+    "@types/react": "^17.0.80",
     "@zitadel/tsconfig": "workspace:*",
     "eslint-config-zitadel": "workspace:*",
-    "tailwindcss": "3.2.4",
     "postcss": "8.4.21",
+    "tailwindcss": "3.2.4",
     "zitadel-tailwind-config": "workspace:*"
   }
 }

packages/zitadel-proto/buf.gen.yaml

@@ -1,8 +1,8 @@
-version: v1
+version: v2
 managed:
   enabled: true
 plugins:
-  - plugin: buf.build/connectrpc/es:v1.4.0
+  - remote: buf.build/connectrpc/es:v1.4.0
     out: .
-  - plugin: buf.build/bufbuild/es
+  - remote: buf.build/bufbuild/es:v1.7.2
     out: .

packages/zitadel-proto/package.json

@@ -6,16 +6,18 @@
     "access": "public"
   },
   "type": "module",
-  "files": ["zitadel/**"],
+  "files": [
+    "zitadel/**"
+  ],
   "sideEffects": false,
   "scripts": {
     "generate": "buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel",
-    "clean": "rm -rf .turbo && rm -rf node_modules"
+    "clean": "rm -rf zitadel && rm -rf .turbo && rm -rf node_modules"
   },
   "dependencies": {
     "@bufbuild/protobuf": "^1.10.0"
   },
   "devDependencies": {
-    "@bufbuild/buf": "^1.32.1"
+    "@bufbuild/buf": "^1.35.1"
   }
 }

packages/zitadel-proto/turbo.json

@@ -1,13 +1,9 @@
 {
-  "extends": [
-    "//"
-  ],
+  "extends": ["//"],
   "tasks": {
     "generate": {
-      "outputs": [
-        "zitadel/**"
-      ],
-      "cache": true
+      "outputs": ["zitadel/**"],
+      "cache": false
     }
   }
 }