fix(oidc): add missing fields to introspection (#6967)
During QA I found that some user info and the org ID were missing. This change adds those missing fields.
This commit is contained in:
parent
1ef186e338
commit
72bc3ffe14
@ -12,7 +12,9 @@ import (
|
|||||||
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
||||||
"github.com/zitadel/oidc/v3/pkg/client/rs"
|
"github.com/zitadel/oidc/v3/pkg/client/rs"
|
||||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||||
|
"golang.org/x/text/language"
|
||||||
|
|
||||||
|
oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
|
||||||
"github.com/zitadel/zitadel/pkg/grpc/authn"
|
"github.com/zitadel/zitadel/pkg/grpc/authn"
|
||||||
"github.com/zitadel/zitadel/pkg/grpc/management"
|
"github.com/zitadel/zitadel/pkg/grpc/management"
|
||||||
oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
|
oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
|
||||||
@ -65,7 +67,7 @@ func TestServer_Introspect(t *testing.T) {
|
|||||||
resourceServer, err := Tester.CreateResourceServer(CTX, keyResp.GetKeyDetails())
|
resourceServer, err := Tester.CreateResourceServer(CTX, keyResp.GetKeyDetails())
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess}
|
scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc_api.ScopeResourceOwner}
|
||||||
authRequestID := createAuthRequest(t, app.GetClientId(), redirectURI, scope...)
|
authRequestID := createAuthRequest(t, app.GetClientId(), redirectURI, scope...)
|
||||||
sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
|
sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
|
||||||
linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{
|
linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{
|
||||||
@ -129,7 +131,14 @@ func assertIntrospection(
|
|||||||
assert.Equal(t, "Mickey", introspection.GivenName)
|
assert.Equal(t, "Mickey", introspection.GivenName)
|
||||||
assert.Equal(t, "Mouse", introspection.FamilyName)
|
assert.Equal(t, "Mouse", introspection.FamilyName)
|
||||||
assert.Equal(t, "Mickey Mouse", introspection.Name)
|
assert.Equal(t, "Mickey Mouse", introspection.Name)
|
||||||
|
assert.Equal(t, oidc.Gender("male"), introspection.Gender)
|
||||||
|
assert.Equal(t, oidc.NewLocale(language.Dutch), introspection.Locale)
|
||||||
assert.Equal(t, introspection.Username, introspection.Email)
|
assert.Equal(t, introspection.Username, introspection.Email)
|
||||||
assert.False(t, bool(introspection.EmailVerified))
|
assert.False(t, bool(introspection.EmailVerified))
|
||||||
assertOIDCTime(t, introspection.UpdatedAt, User.GetDetails().GetChangeDate().AsTime())
|
assertOIDCTime(t, introspection.UpdatedAt, User.GetDetails().GetChangeDate().AsTime())
|
||||||
|
|
||||||
|
require.NotNil(t, introspection.Claims)
|
||||||
|
assert.Equal(t, User.Details.ResourceOwner, introspection.Claims[oidc_api.ClaimResourceOwner+"id"])
|
||||||
|
assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"name"])
|
||||||
|
assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"primary_domain"])
|
||||||
}
|
}
|
||||||
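Review bot: The resource-owner name and primary_domain claims at `assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"name"])` and the line below it are only checked for presence, so an introspection response carrying another organisation's name or domain would still pass; the test already knows the user's org through `User.Details.ResourceOwner`, so asserting the actual values (if the tester exposes the org it created the user under, e.g. `assert.Equal(t, <expected org name>, introspection.Claims[oidc_api.ClaimResourceOwner+"name"])`) would make a cross-tenant regression visible instead of silent. In the same block `User.Details.ResourceOwner` reads the field directly while the line above uses `User.GetDetails().GetChangeDate()`; `User.GetDetails().GetResourceOwner()` keeps the nil-safe getter style consistent. assertIntrospection's signature and the start of its body are outside the hunk.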
|
@ -7,6 +7,7 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
crewjam_saml "github.com/crewjam/saml"
|
crewjam_saml "github.com/crewjam/saml"
|
||||||
|
"github.com/muhlemmer/gu"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
"github.com/zitadel/logging"
|
"github.com/zitadel/logging"
|
||||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||||
@ -90,8 +91,10 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
Profile: &user.SetHumanProfile{
|
Profile: &user.SetHumanProfile{
|
||||||
GivenName: "Mickey",
|
GivenName: "Mickey",
|
||||||
FamilyName: "Mouse",
|
FamilyName: "Mouse",
|
||||||
|
PreferredLanguage: gu.Ptr("nl"),
|
||||||
|
Gender: gu.Ptr(user.Gender_GENDER_MALE),
|
||||||
},
|
},
|
||||||
Email: &user.SetHumanEmail{
|
Email: &user.SetHumanEmail{
|
||||||
Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
|
Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
|
||||||
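Review bot: The new fixture values `PreferredLanguage: gu.Ptr("nl")` and `Gender: gu.Ptr(user.Gender_GENDER_MALE)` are exactly what the introspection integration test asserts as `oidc.NewLocale(language.Dutch)` and `oidc.Gender("male")`, so fixture and assertions agree only through matching literals in two files. A short comment on these two lines, such as `// asserted by the OIDC introspection integration test; keep in sync`, would make that coupling visible to the next person changing the fixture. CreateHumanUser's signature and the end of the request literal are outside the hunk.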
|
@ -1,6 +1,3 @@
|
|||||||
-- deallocate q;
|
|
||||||
-- prepare q (text, text, text[]) as
|
|
||||||
|
|
||||||
with usr as (
|
with usr as (
|
||||||
select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
|
select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
|
||||||
from projections.users9 u
|
from projections.users9 u
|
||||||
@ -11,7 +8,7 @@ with usr as (
|
|||||||
),
|
),
|
||||||
human as (
|
human as (
|
||||||
select $1 as user_id, row_to_json(r) as human from (
|
select $1 as user_id, row_to_json(r) as human from (
|
||||||
select first_name, last_name, nick_name, display_name, avatar_key, email, is_email_verified, phone, is_phone_verified
|
select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified
|
||||||
from projections.users9_humans
|
from projections.users9_humans
|
||||||
where user_id = $1
|
where user_id = $1
|
||||||
and instance_id = $2
|
and instance_id = $2
|
||||||
@ -56,7 +53,7 @@ orgs as (
|
|||||||
-- find the user's org
|
-- find the user's org
|
||||||
user_org as (
|
user_org as (
|
||||||
select row_to_json(r) as organization from (
|
select row_to_json(r) as organization from (
|
||||||
select name, primary_domain
|
select o.id, o.name, o.primary_domain
|
||||||
from orgs o
|
from orgs o
|
||||||
join usr u on o.id = u.resource_owner
|
join usr u on o.id = u.resource_owner
|
||||||
) r
|
) r
|
||||||
@ -88,5 +85,3 @@ select json_build_object(
|
|||||||
'metadata', (select metadata from metadata),
|
'metadata', (select metadata from metadata),
|
||||||
'user_grants', (select grants from grants)
|
'user_grants', (select grants from grants)
|
||||||
);
|
);
|
||||||
|
|
||||||
-- execute q('231965491734773762','230690539048009730', '{"236645808328409090","240762134579904514"}')
|
|
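Review bot: The columns added in the `human` and `user_org` subselects (`preferred_language, gender` and `o.id, o.name, o.primary_domain`) are emitted through `row_to_json(r)`, so the column names themselves become the JSON keys the Go side decodes into the user-info struct; nothing in the file records that, and a renamed or aliased column would silently drop a field rather than fail. A comment above each of these subselects, `-- column names are the JSON keys consumed by the Go user-info query; keep them aligned with its json tags`, would document the contract. The same applies to the `organization` object built in `user_org` a few lines below.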
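--- a/internal/query/testdata/userinfo_human.json
+++ b/internal/query/testdata/userinfo_human.json
@@ -14,6 +14,8 @@
 "nick_name": "muhlemmer",
 "display_name": "Tim Mohlmann",
 "avatar_key": null,
+"preferred_language": "en",
+"gender": 2,
 "email": "tim+tesmail@zitadel.com",
 "is_email_verified": true,
 "phone": "+40123456789",
@@ -22,6 +24,7 @@
 "machine": null
 },
 "org": {
+"id": "231848297847848962",
 "name": "demo",
 "primary_domain": "demo.localhost"
 },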
|
@ -14,6 +14,8 @@
|
|||||||
"nick_name": "muhlemmer",
|
"nick_name": "muhlemmer",
|
||||||
"display_name": "Tim Mohlmann",
|
"display_name": "Tim Mohlmann",
|
||||||
"avatar_key": null,
|
"avatar_key": null,
|
||||||
|
"preferred_language": "en",
|
||||||
|
"gender": 2,
|
||||||
"email": "tim+tesmail@zitadel.com",
|
"email": "tim+tesmail@zitadel.com",
|
||||||
"is_email_verified": true,
|
"is_email_verified": true,
|
||||||
"phone": "+40123456789",
|
"phone": "+40123456789",
|
||||||
@ -22,6 +24,7 @@
|
|||||||
"machine": null
|
"machine": null
|
||||||
},
|
},
|
||||||
"org": {
|
"org": {
|
||||||
|
"id": "231848297847848962",
|
||||||
"name": "demo",
|
"name": "demo",
|
||||||
"primary_domain": "demo.localhost"
|
"primary_domain": "demo.localhost"
|
||||||
},
|
},
|
||||||
|
@ -14,6 +14,8 @@
|
|||||||
"nick_name": "muhlemmer",
|
"nick_name": "muhlemmer",
|
||||||
"display_name": "Tim Mohlmann",
|
"display_name": "Tim Mohlmann",
|
||||||
"avatar_key": null,
|
"avatar_key": null,
|
||||||
|
"preferred_language": "en",
|
||||||
|
"gender": 2,
|
||||||
"email": "tim+tesmail@zitadel.com",
|
"email": "tim+tesmail@zitadel.com",
|
||||||
"is_email_verified": true,
|
"is_email_verified": true,
|
||||||
"phone": "+40123456789",
|
"phone": "+40123456789",
|
||||||
@ -22,6 +24,7 @@
|
|||||||
"machine": null
|
"machine": null
|
||||||
},
|
},
|
||||||
"org": {
|
"org": {
|
||||||
|
"id": "231848297847848962",
|
||||||
"name": "demo",
|
"name": "demo",
|
||||||
"primary_domain": "demo.localhost"
|
"primary_domain": "demo.localhost"
|
||||||
},
|
},
|
||||||
|
@ -15,6 +15,7 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"org": {
|
"org": {
|
||||||
|
"id": "231848297847848962",
|
||||||
"name": "demo",
|
"name": "demo",
|
||||||
"primary_domain": "demo.localhost"
|
"primary_domain": "demo.localhost"
|
||||||
},
|
},
|
||||||
|
@ -11,9 +11,11 @@ import (
|
|||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
"golang.org/x/text/language"
|
||||||
|
|
||||||
"github.com/zitadel/zitadel/internal/api/authz"
|
"github.com/zitadel/zitadel/internal/api/authz"
|
||||||
"github.com/zitadel/zitadel/internal/database"
|
"github.com/zitadel/zitadel/internal/database"
|
||||||
|
"github.com/zitadel/zitadel/internal/domain"
|
||||||
"github.com/zitadel/zitadel/internal/errors"
|
"github.com/zitadel/zitadel/internal/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -99,19 +101,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
|
|||||||
Username: "tim+tesmail@zitadel.com",
|
Username: "tim+tesmail@zitadel.com",
|
||||||
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
||||||
Human: &Human{
|
Human: &Human{
|
||||||
FirstName: "Tim",
|
FirstName: "Tim",
|
||||||
LastName: "Mohlmann",
|
LastName: "Mohlmann",
|
||||||
NickName: "muhlemmer",
|
NickName: "muhlemmer",
|
||||||
DisplayName: "Tim Mohlmann",
|
DisplayName: "Tim Mohlmann",
|
||||||
AvatarKey: "",
|
AvatarKey: "",
|
||||||
Email: "tim+tesmail@zitadel.com",
|
PreferredLanguage: language.English,
|
||||||
IsEmailVerified: true,
|
Gender: domain.GenderMale,
|
||||||
Phone: "+40123456789",
|
Email: "tim+tesmail@zitadel.com",
|
||||||
IsPhoneVerified: false,
|
IsEmailVerified: true,
|
||||||
|
Phone: "+40123456789",
|
||||||
|
IsPhoneVerified: false,
|
||||||
},
|
},
|
||||||
Machine: nil,
|
Machine: nil,
|
||||||
},
|
},
|
||||||
Org: &UserInfoOrg{
|
Org: &UserInfoOrg{
|
||||||
|
ID: "231848297847848962",
|
||||||
Name: "demo",
|
Name: "demo",
|
||||||
PrimaryDomain: "demo.localhost",
|
PrimaryDomain: "demo.localhost",
|
||||||
},
|
},
|
||||||
@ -135,19 +140,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
|
|||||||
Username: "tim+tesmail@zitadel.com",
|
Username: "tim+tesmail@zitadel.com",
|
||||||
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
||||||
Human: &Human{
|
Human: &Human{
|
||||||
FirstName: "Tim",
|
FirstName: "Tim",
|
||||||
LastName: "Mohlmann",
|
LastName: "Mohlmann",
|
||||||
NickName: "muhlemmer",
|
NickName: "muhlemmer",
|
||||||
DisplayName: "Tim Mohlmann",
|
DisplayName: "Tim Mohlmann",
|
||||||
AvatarKey: "",
|
AvatarKey: "",
|
||||||
Email: "tim+tesmail@zitadel.com",
|
PreferredLanguage: language.English,
|
||||||
IsEmailVerified: true,
|
Gender: domain.GenderMale,
|
||||||
Phone: "+40123456789",
|
Email: "tim+tesmail@zitadel.com",
|
||||||
IsPhoneVerified: false,
|
IsEmailVerified: true,
|
||||||
|
Phone: "+40123456789",
|
||||||
|
IsPhoneVerified: false,
|
||||||
},
|
},
|
||||||
Machine: nil,
|
Machine: nil,
|
||||||
},
|
},
|
||||||
Org: &UserInfoOrg{
|
Org: &UserInfoOrg{
|
||||||
|
ID: "231848297847848962",
|
||||||
Name: "demo",
|
Name: "demo",
|
||||||
PrimaryDomain: "demo.localhost",
|
PrimaryDomain: "demo.localhost",
|
||||||
},
|
},
|
||||||
@ -193,19 +201,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
|
|||||||
Username: "tim+tesmail@zitadel.com",
|
Username: "tim+tesmail@zitadel.com",
|
||||||
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
|
||||||
Human: &Human{
|
Human: &Human{
|
||||||
FirstName: "Tim",
|
FirstName: "Tim",
|
||||||
LastName: "Mohlmann",
|
LastName: "Mohlmann",
|
||||||
NickName: "muhlemmer",
|
NickName: "muhlemmer",
|
||||||
DisplayName: "Tim Mohlmann",
|
DisplayName: "Tim Mohlmann",
|
||||||
AvatarKey: "",
|
AvatarKey: "",
|
||||||
Email: "tim+tesmail@zitadel.com",
|
PreferredLanguage: language.English,
|
||||||
IsEmailVerified: true,
|
Gender: domain.GenderMale,
|
||||||
Phone: "+40123456789",
|
Email: "tim+tesmail@zitadel.com",
|
||||||
IsPhoneVerified: false,
|
IsEmailVerified: true,
|
||||||
|
Phone: "+40123456789",
|
||||||
|
IsPhoneVerified: false,
|
||||||
},
|
},
|
||||||
Machine: nil,
|
Machine: nil,
|
||||||
},
|
},
|
||||||
Org: &UserInfoOrg{
|
Org: &UserInfoOrg{
|
||||||
|
ID: "231848297847848962",
|
||||||
Name: "demo",
|
Name: "demo",
|
||||||
PrimaryDomain: "demo.localhost",
|
PrimaryDomain: "demo.localhost",
|
||||||
},
|
},
|
||||||
@ -292,6 +303,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
Org: &UserInfoOrg{
|
Org: &UserInfoOrg{
|
||||||
|
ID: "231848297847848962",
|
||||||
Name: "demo",
|
Name: "demo",
|
||||||
PrimaryDomain: "demo.localhost",
|
PrimaryDomain: "demo.localhost",
|
||||||
},
|
},
|
||||||
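Review bot: The expected organisation ID `ID: "231848297847848962"` is now repeated in four expected-value literals (this hunk and the three earlier `Org: &UserInfoOrg{` blocks), mirroring the same literal in the JSON testdata; a package-level `const testdataOrgID = "231848297847848962"` in the test would leave one change point if the fixture is regenerated. Likewise `Gender: domain.GenderMale` is matched against the bare `"gender": 2` in the testdata, so the fixture pins the enum's numeric value; a comment next to the expected struct such as `// testdata stores gender as the numeric domain.Gender value that the query decodes (2 is expected to be GenderMale)` would explain why the JSON holds an integer. TestQueries_GetOIDCUserInfo begins and continues outside the hunks shown.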
|