feat(api): add generic oauth provider template (#5260)

adds functionality to manage templates based OIDC IDPs
2025-08-11 19:17:32 +00:00 · 2023-02-24 15:16:06 +01:00
parent aa9518ac02
commit 737d14e81b
28 changed files with 3199 additions and 117 deletions
--- a/internal/repository/idp/idp.go
+++ b/internal/repository/idp/idp.go
@@ -47,8 +47,8 @@ func (o *Options) ReduceChanges(changes OptionChanges) {
 	if changes.IsLinkingAllowed != nil {
 		o.IsLinkingAllowed = *changes.IsLinkingAllowed
 	}
-	if changes.IsAutoUpdate != nil {
-		o.IsAutoUpdate = *changes.IsAutoUpdate
+	if changes.IsAutoCreation != nil {
+		o.IsAutoCreation = *changes.IsAutoCreation
 	}
 	if changes.IsAutoUpdate != nil {
 		o.IsAutoUpdate = *changes.IsAutoUpdate
--- a/internal/repository/idp/oauth.go
+++ b/internal/repository/idp/oauth.go
@@ -0,0 +1,173 @@
+package idp
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+type OAuthIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID                    string              `json:"id"`
+	Name                  string              `json:"name,omitempty"`
+	ClientID              string              `json:"client_id,omitempty"`
+	ClientSecret          *crypto.CryptoValue `json:"client_secret,omitempty"`
+	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
+	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
+	UserEndpoint          string              `json:"userEndpoint,omitempty"`
+	Scopes                []string            `json:"scopes,omitempty"`
+	Options
+}
+
+func NewOAuthIDPAddedEvent(
+	base *eventstore.BaseEvent,
+	id,
+	name,
+	clientID string,
+	clientSecret *crypto.CryptoValue,
+	authorizationEndpoint,
+	tokenEndpoint,
+	userEndpoint string,
+	scopes []string,
+	options Options,
+) *OAuthIDPAddedEvent {
+	return &OAuthIDPAddedEvent{
+		BaseEvent:             *base,
+		ID:                    id,
+		Name:                  name,
+		ClientID:              clientID,
+		ClientSecret:          clientSecret,
+		AuthorizationEndpoint: authorizationEndpoint,
+		TokenEndpoint:         tokenEndpoint,
+		UserEndpoint:          userEndpoint,
+		Scopes:                scopes,
+		Options:               options,
+	}
+}
+
+func (e *OAuthIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OAuthIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func OAuthIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &OAuthIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type OAuthIDPChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID                    string              `json:"id"`
+	Name                  *string             `json:"name,omitempty"`
+	ClientID              *string             `json:"client_id,omitempty"`
+	ClientSecret          *crypto.CryptoValue `json:"client_secret,omitempty"`
+	AuthorizationEndpoint *string             `json:"authorizationEndpoint,omitempty"`
+	TokenEndpoint         *string             `json:"tokenEndpoint,omitempty"`
+	UserEndpoint          *string             `json:"userEndpoint,omitempty"`
+	Scopes                []string            `json:"scopes,omitempty"`
+	OptionChanges
+}
+
+func NewOAuthIDPChangedEvent(
+	base *eventstore.BaseEvent,
+	id string,
+	changes []OAuthIDPChanges,
+) (*OAuthIDPChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound")
+	}
+	changedEvent := &OAuthIDPChangedEvent{
+		BaseEvent: *base,
+		ID:        id,
+	}
+	for _, change := range changes {
+		change(changedEvent)
+	}
+	return changedEvent, nil
+}
+
+type OAuthIDPChanges func(*OAuthIDPChangedEvent)
+
+func ChangeOAuthName(name string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.Name = &name
+	}
+}
+func ChangeOAuthClientID(clientID string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.ClientID = &clientID
+	}
+}
+
+func ChangeOAuthClientSecret(clientSecret *crypto.CryptoValue) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.ClientSecret = clientSecret
+	}
+}
+
+func ChangeOAuthOptions(options OptionChanges) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.OptionChanges = options
+	}
+}
+
+func ChangeOAuthAuthorizationEndpoint(authorizationEndpoint string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.AuthorizationEndpoint = &authorizationEndpoint
+	}
+}
+
+func ChangeOAuthTokenEndpoint(tokenEndpoint string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.TokenEndpoint = &tokenEndpoint
+	}
+}
+
+func ChangeOAuthUserEndpoint(userEndpoint string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.UserEndpoint = &userEndpoint
+	}
+}
+
+func ChangeOAuthScopes(scopes []string) func(*OAuthIDPChangedEvent) {
+	return func(e *OAuthIDPChangedEvent) {
+		e.Scopes = scopes
+	}
+}
+
+func (e *OAuthIDPChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OAuthIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func OAuthIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &OAuthIDPChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-SAf3gw", "unable to unmarshal event")
+	}
+
+	return e, nil
+}