feat: api v2beta to api v2 (#8283)

# Which Problems Are Solved

The v2beta services are stable but not GA.

# How the Problems Are Solved

The v2beta services are copied to v2. The corresponding v1 and v2beta
services are deprecated.

# Additional Context

Closes #7236

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>

internal/api/grpc/user/v2/email.go

@@ -7,8 +7,8 @@ import (
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) SetEmail(ctx context.Context, req *user.SetEmailRequest) (resp *user.SetEmailResponse, err error) {

internal/api/grpc/user/v2/email_integration_test.go

@@ -12,9 +12,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_SetEmail(t *testing.T) {

internal/api/grpc/user/v2/idp_link.go

@@ -0,0 +1,94 @@
+package user
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) {
+	details, err := s.command.AddUserIDPLink(ctx, req.UserId, "", &command.AddLink{
+		IDPID:         req.GetIdpLink().GetIdpId(),
+		DisplayName:   req.GetIdpLink().GetUserName(),
+		IDPExternalID: req.GetIdpLink().GetUserId(),
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &user.AddIDPLinkResponse{
+		Details: object.DomainToDetailsPb(details),
+	}, nil
+}
+
+func (s *Server) ListIDPLinks(ctx context.Context, req *user.ListIDPLinksRequest) (_ *user.ListIDPLinksResponse, err error) {
+	queries, err := ListLinkedIDPsRequestToQuery(req)
+	if err != nil {
+		return nil, err
+	}
+	res, err := s.query.IDPUserLinks(ctx, queries, false)
+	if err != nil {
+		return nil, err
+	}
+	res.RemoveNoPermission(ctx, s.checkPermission)
+	return &user.ListIDPLinksResponse{
+		Result:  IDPLinksToPb(res.Links),
+		Details: object.ToListDetails(res.SearchResponse),
+	}, nil
+}
+
+func ListLinkedIDPsRequestToQuery(req *user.ListIDPLinksRequest) (*query.IDPUserLinksSearchQuery, error) {
+	offset, limit, asc := object.ListQueryToQuery(req.Query)
+	userQuery, err := query.NewIDPUserLinksUserIDSearchQuery(req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	return &query.IDPUserLinksSearchQuery{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: []query.SearchQuery{userQuery},
+	}, nil
+}
+
+func IDPLinksToPb(res []*query.IDPUserLink) []*user.IDPLink {
+	links := make([]*user.IDPLink, len(res))
+	for i, link := range res {
+		links[i] = IDPLinkToPb(link)
+	}
+	return links
+}
+
+func IDPLinkToPb(link *query.IDPUserLink) *user.IDPLink {
+	return &user.IDPLink{
+		IdpId:    link.IDPID,
+		UserId:   link.ProvidedUserID,
+		UserName: link.ProvidedUsername,
+	}
+}
+
+func (s *Server) RemoveIDPLink(ctx context.Context, req *user.RemoveIDPLinkRequest) (*user.RemoveIDPLinkResponse, error) {
+	objectDetails, err := s.command.RemoveUserIDPLink(ctx, RemoveIDPLinkRequestToDomain(ctx, req))
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemoveIDPLinkResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
+}
+
+func RemoveIDPLinkRequestToDomain(ctx context.Context, req *user.RemoveIDPLinkRequest) *domain.UserIDPLink {
+	return &domain.UserIDPLink{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.UserId,
+		},
+		IDPConfigID:    req.IdpId,
+		ExternalUserID: req.LinkedUserId,
+	}
+}

internal/api/grpc/user/v2/idp_link_integration_test.go

@@ -0,0 +1,360 @@
+//go:build integration
+
+package user_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+)
+
+func TestServer_AddIDPLink(t *testing.T) {
+	idpID := Tester.AddGenericOAuthProvider(t, CTX)
+	type args struct {
+		ctx context.Context
+		req *user.AddIDPLinkRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.AddIDPLinkResponse
+		wantErr bool
+	}{
+		{
+			name: "user does not exist",
+			args: args{
+				CTX,
+				&user.AddIDPLinkRequest{
+					UserId: "userID",
+					IdpLink: &user.IDPLink{
+						IdpId:    idpID,
+						UserId:   "userID",
+						UserName: "username",
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "idp does not exist",
+			args: args{
+				CTX,
+				&user.AddIDPLinkRequest{
+					UserId: Tester.Users[integration.FirstInstanceUsersKey][integration.OrgOwner].ID,
+					IdpLink: &user.IDPLink{
+						IdpId:    "idpID",
+						UserId:   "userID",
+						UserName: "username",
+					},
+				},
+			},
+			want:    nil,
+			wantErr: true,
+		},
+		{
+			name: "add link",
+			args: args{
+				CTX,
+				&user.AddIDPLinkRequest{
+					UserId: Tester.Users[integration.FirstInstanceUsersKey][integration.OrgOwner].ID,
+					IdpLink: &user.IDPLink{
+						IdpId:    idpID,
+						UserId:   "userID",
+						UserName: "username",
+					},
+				},
+			},
+			want: &user.AddIDPLinkResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.AddIDPLink(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+
+			integration.AssertDetails(t, tt.want, got)
+		})
+	}
+}
+
+func TestServer_ListIDPLinks(t *testing.T) {
+	orgResp := Tester.CreateOrganization(IamCTX, fmt.Sprintf("ListIDPLinks%d", time.Now().UnixNano()), fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()))
+
+	instanceIdpID := Tester.AddGenericOAuthProvider(t, IamCTX)
+	userInstanceResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+	Tester.CreateUserIDPlink(IamCTX, userInstanceResp.GetUserId(), "external_instance", instanceIdpID, "externalUsername_instance")
+
+	orgIdpID := Tester.AddOrgGenericOAuthProvider(t, IamCTX, orgResp.OrganizationId)
+	userOrgResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+	Tester.CreateUserIDPlink(IamCTX, userOrgResp.GetUserId(), "external_org", orgIdpID, "externalUsername_org")
+
+	userMultipleResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+	Tester.CreateUserIDPlink(IamCTX, userMultipleResp.GetUserId(), "external_multi", instanceIdpID, "externalUsername_multi")
+	Tester.CreateUserIDPlink(IamCTX, userMultipleResp.GetUserId(), "external_multi", orgIdpID, "externalUsername_multi")
+
+	type args struct {
+		ctx context.Context
+		req *user.ListIDPLinksRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.ListIDPLinksResponse
+		wantErr bool
+	}{
+		{
+			name: "list links, no permission",
+			args: args{
+				UserCTX,
+				&user.ListIDPLinksRequest{
+					UserId: userOrgResp.GetUserId(),
+				},
+			},
+			want: &user.ListIDPLinksResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.IDPLink{},
+			},
+		},
+		{
+			name: "list links, no permission, org",
+			args: args{
+				CTX,
+				&user.ListIDPLinksRequest{
+					UserId: userOrgResp.GetUserId(),
+				},
+			},
+			want: &user.ListIDPLinksResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.IDPLink{},
+			},
+		},
+		{
+			name: "list idp links, org, ok",
+			args: args{
+				IamCTX,
+				&user.ListIDPLinksRequest{
+					UserId: userOrgResp.GetUserId(),
+				},
+			},
+			want: &user.ListIDPLinksResponse{
+				Details: &object.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.IDPLink{
+					{
+						IdpId:    orgIdpID,
+						UserId:   "external_org",
+						UserName: "externalUsername_org",
+					},
+				},
+			},
+		},
+		{
+			name: "list idp links, instance, ok",
+			args: args{
+				IamCTX,
+				&user.ListIDPLinksRequest{
+					UserId: userInstanceResp.GetUserId(),
+				},
+			},
+			want: &user.ListIDPLinksResponse{
+				Details: &object.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.IDPLink{
+					{
+						IdpId:    instanceIdpID,
+						UserId:   "external_instance",
+						UserName: "externalUsername_instance",
+					},
+				},
+			},
+		},
+		{
+			name: "list idp links, multi, ok",
+			args: args{
+				IamCTX,
+				&user.ListIDPLinksRequest{
+					UserId: userMultipleResp.GetUserId(),
+				},
+			},
+			want: &user.ListIDPLinksResponse{
+				Details: &object.ListDetails{
+					TotalResult: 2,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.IDPLink{
+					{
+						IdpId:    instanceIdpID,
+						UserId:   "external_multi",
+						UserName: "externalUsername_multi",
+					},
+					{
+						IdpId:    orgIdpID,
+						UserId:   "external_multi",
+						UserName: "externalUsername_multi",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			retryDuration := time.Minute
+			if ctxDeadline, ok := CTX.Deadline(); ok {
+				retryDuration = time.Until(ctxDeadline)
+			}
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := Client.ListIDPLinks(tt.args.ctx, tt.args.req)
+				assertErr := assert.NoError
+				if tt.wantErr {
+					assertErr = assert.Error
+				}
+				assertErr(ttt, listErr)
+				if listErr != nil {
+					return
+				}
+				// always first check length, otherwise its failed anyway
+				assert.Len(ttt, got.Result, len(tt.want.Result))
+				for i := range tt.want.Result {
+					assert.Contains(ttt, got.Result, tt.want.Result[i])
+				}
+				integration.AssertListDetails(t, tt.want, got)
+			}, retryDuration, time.Millisecond*100, "timeout waiting for expected idplinks result")
+		})
+	}
+}
+
+func TestServer_RemoveIDPLink(t *testing.T) {
+	orgResp := Tester.CreateOrganization(IamCTX, fmt.Sprintf("ListIDPLinks%d", time.Now().UnixNano()), fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()))
+
+	instanceIdpID := Tester.AddGenericOAuthProvider(t, IamCTX)
+	userInstanceResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+	Tester.CreateUserIDPlink(IamCTX, userInstanceResp.GetUserId(), "external_instance", instanceIdpID, "externalUsername_instance")
+
+	orgIdpID := Tester.AddOrgGenericOAuthProvider(t, IamCTX, orgResp.OrganizationId)
+	userOrgResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+	Tester.CreateUserIDPlink(IamCTX, userOrgResp.GetUserId(), "external_org", orgIdpID, "externalUsername_org")
+
+	userNoLinkResp := Tester.CreateHumanUserVerified(IamCTX, orgResp.OrganizationId, fmt.Sprintf("%d@listidplinks.com", time.Now().UnixNano()))
+
+	type args struct {
+		ctx context.Context
+		req *user.RemoveIDPLinkRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.RemoveIDPLinkResponse
+		wantErr bool
+	}{
+		{
+			name: "remove link, no permission",
+			args: args{
+				UserCTX,
+				&user.RemoveIDPLinkRequest{
+					UserId:       userOrgResp.GetUserId(),
+					IdpId:        orgIdpID,
+					LinkedUserId: "external_org",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove link, no permission, org",
+			args: args{
+				CTX,
+				&user.RemoveIDPLinkRequest{
+					UserId:       userOrgResp.GetUserId(),
+					IdpId:        orgIdpID,
+					LinkedUserId: "external_org",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "remove link, org, ok",
+			args: args{
+				IamCTX,
+				&user.RemoveIDPLinkRequest{
+					UserId:       userOrgResp.GetUserId(),
+					IdpId:        orgIdpID,
+					LinkedUserId: "external_org",
+				},
+			},
+			want: &user.RemoveIDPLinkResponse{
+				Details: &object.Details{
+					ResourceOwner: orgResp.GetOrganizationId(),
+					ChangeDate:    timestamppb.Now(),
+				},
+			},
+		},
+		{
+			name: "remove link, instance, ok",
+			args: args{
+				IamCTX,
+				&user.RemoveIDPLinkRequest{
+					UserId:       userInstanceResp.GetUserId(),
+					IdpId:        instanceIdpID,
+					LinkedUserId: "external_instance",
+				},
+			},
+			want: &user.RemoveIDPLinkResponse{
+				Details: &object.Details{
+					ResourceOwner: orgResp.GetOrganizationId(),
+					ChangeDate:    timestamppb.Now(),
+				},
+			},
+		},
+		{
+			name: "remove link, no link, error",
+			args: args{
+				IamCTX,
+				&user.RemoveIDPLinkRequest{
+					UserId: userNoLinkResp.GetUserId(),
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.RemoveIDPLink(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+
+			integration.AssertDetails(t, tt.want, got)
+		})
+	}
+}

internal/api/grpc/user/v2/otp.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) AddOTPSMS(ctx context.Context, req *user.AddOTPSMSRequest) (*user.AddOTPSMSResponse, error) {

internal/api/grpc/user/v2/otp_integration_test.go

@@ -9,9 +9,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_AddOTPSMS(t *testing.T) {

internal/api/grpc/user/v2/passkey.go

@@ -7,9 +7,10 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) RegisterPasskey(ctx context.Context, req *user.RegisterPasskeyRequest) (resp *user.RegisterPasskeyResponse, err error) {
@@ -116,3 +117,68 @@ func passkeyCodeDetailsToPb(details *domain.PasskeyCodeDetails, err error) (*use
 		},
 	}, nil
 }
+
+func (s *Server) RemovePasskey(ctx context.Context, req *user.RemovePasskeyRequest) (*user.RemovePasskeyResponse, error) {
+	objectDetails, err := s.command.HumanRemovePasswordless(ctx, req.GetUserId(), req.GetPasskeyId(), "")
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemovePasskeyResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
+}
+
+func (s *Server) ListPasskeys(ctx context.Context, req *user.ListPasskeysRequest) (*user.ListPasskeysResponse, error) {
+	query := new(query.UserAuthMethodSearchQueries)
+	err := query.AppendUserIDQuery(req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	err = query.AppendAuthMethodQuery(domain.UserAuthMethodTypePasswordless)
+	if err != nil {
+		return nil, err
+	}
+	err = query.AppendStateQuery(domain.MFAStateReady)
+	if err != nil {
+		return nil, err
+	}
+	authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
+	authMethods.RemoveNoPermission(ctx, s.checkPermission)
+	if err != nil {
+		return nil, err
+	}
+	return &user.ListPasskeysResponse{
+		Details: object.ToListDetails(authMethods.SearchResponse),
+		Result:  authMethodsToPasskeyPb(authMethods),
+	}, nil
+}
+
+func authMethodsToPasskeyPb(methods *query.AuthMethods) []*user.Passkey {
+	t := make([]*user.Passkey, len(methods.AuthMethods))
+	for i, token := range methods.AuthMethods {
+		t[i] = authMethodToPasskeyPb(token)
+	}
+	return t
+}
+
+func authMethodToPasskeyPb(token *query.AuthMethod) *user.Passkey {
+	return &user.Passkey{
+		Id:    token.TokenID,
+		State: mfaStateToPb(token.State),
+		Name:  token.Name,
+	}
+}
+
+func mfaStateToPb(state domain.MFAState) user.AuthFactorState {
+	switch state {
+	case domain.MFAStateNotReady:
+		return user.AuthFactorState_AUTH_FACTOR_STATE_NOT_READY
+	case domain.MFAStateReady:
+		return user.AuthFactorState_AUTH_FACTOR_STATE_READY
+	case domain.MFAStateUnspecified, domain.MFAStateRemoved:
+		// Handle all remaining cases so the linter succeeds
+		return user.AuthFactorState_AUTH_FACTOR_STATE_UNSPECIFIED
+	default:
+		return user.AuthFactorState_AUTH_FACTOR_STATE_UNSPECIFIED
+	}
+}

internal/api/grpc/user/v2/passkey_integration_test.go

@@ -5,6 +5,7 @@ package user_test
 import (
 	"context"
 	"testing"
+	"time"
 
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
@@ -12,9 +13,10 @@ import (
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_RegisterPasskey(t *testing.T) {
@@ -138,19 +140,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
 }
 
 func TestServer_VerifyPasskeyRegistration(t *testing.T) {
-	userID := Tester.CreateHumanUser(CTX).GetUserId()
-	reg, err := Client.CreatePasskeyRegistrationLink(CTX, &user.CreatePasskeyRegistrationLinkRequest{
-		UserId: userID,
-		Medium: &user.CreatePasskeyRegistrationLinkRequest_ReturnCode{},
-	})
-	require.NoError(t, err)
-	pkr, err := Client.RegisterPasskey(CTX, &user.RegisterPasskeyRequest{
-		UserId: userID,
-		Code:   reg.GetCode(),
-	})
-	require.NoError(t, err)
-	require.NotEmpty(t, pkr.GetPasskeyId())
-	require.NotEmpty(t, pkr.GetPublicKeyCredentialCreationOptions())
+	userID, pkr := userWithPasskeyRegistered(t)
 
 	attestationResponse, err := Tester.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions())
 	require.NoError(t, err)
@@ -317,3 +307,291 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
 		})
 	}
 }
+
+func userWithPasskeyRegistered(t *testing.T) (string, *user.RegisterPasskeyResponse) {
+	userID := Tester.CreateHumanUser(CTX).GetUserId()
+	return userID, passkeyRegister(t, userID)
+}
+
+func userWithPasskeyVerified(t *testing.T) (string, string) {
+	userID, pkr := userWithPasskeyRegistered(t)
+	return userID, passkeyVerify(t, userID, pkr)
+}
+
+func passkeyRegister(t *testing.T, userID string) *user.RegisterPasskeyResponse {
+	reg, err := Client.CreatePasskeyRegistrationLink(CTX, &user.CreatePasskeyRegistrationLinkRequest{
+		UserId: userID,
+		Medium: &user.CreatePasskeyRegistrationLinkRequest_ReturnCode{},
+	})
+	require.NoError(t, err)
+	pkr, err := Client.RegisterPasskey(CTX, &user.RegisterPasskeyRequest{
+		UserId: userID,
+		Code:   reg.GetCode(),
+	})
+	require.NoError(t, err)
+	require.NotEmpty(t, pkr.GetPasskeyId())
+	require.NotEmpty(t, pkr.GetPublicKeyCredentialCreationOptions())
+	return pkr
+}
+
+func passkeyVerify(t *testing.T, userID string, pkr *user.RegisterPasskeyResponse) string {
+	attestationResponse, err := Tester.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions())
+	require.NoError(t, err)
+
+	_, err = Client.VerifyPasskeyRegistration(CTX, &user.VerifyPasskeyRegistrationRequest{
+		UserId:              userID,
+		PasskeyId:           pkr.GetPasskeyId(),
+		PublicKeyCredential: attestationResponse,
+		PasskeyName:         "nice name",
+	})
+	require.NoError(t, err)
+	return pkr.GetPasskeyId()
+}
+
+func TestServer_RemovePasskey(t *testing.T) {
+	userIDWithout := Tester.CreateHumanUser(CTX).GetUserId()
+	userIDRegistered, pkrRegistered := userWithPasskeyRegistered(t)
+	userIDVerified, passkeyIDVerified := userWithPasskeyVerified(t)
+	userIDVerifiedPermission, passkeyIDVerifiedPermission := userWithPasskeyVerified(t)
+
+	type args struct {
+		ctx context.Context
+		req *user.RemovePasskeyRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.RemovePasskeyResponse
+		wantErr bool
+	}{
+		{
+			name: "missing user id",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemovePasskeyRequest{
+					PasskeyId: "123",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing passkey id",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemovePasskeyRequest{
+					UserId: "123",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "success, registered",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemovePasskeyRequest{
+					UserId:    userIDRegistered,
+					PasskeyId: pkrRegistered.GetPasskeyId(),
+				},
+			},
+			want: &user.RemovePasskeyResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "no passkey, error",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemovePasskeyRequest{
+					UserId:    userIDWithout,
+					PasskeyId: pkrRegistered.GetPasskeyId(),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "success, verified",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemovePasskeyRequest{
+					UserId:    userIDVerified,
+					PasskeyId: passkeyIDVerified,
+				},
+			},
+			want: &user.RemovePasskeyResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "verified, permission error",
+			args: args{
+				ctx: UserCTX,
+				req: &user.RemovePasskeyRequest{
+					UserId:    userIDVerifiedPermission,
+					PasskeyId: passkeyIDVerifiedPermission,
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.RemovePasskey(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			require.NotNil(t, got)
+			integration.AssertDetails(t, tt.want, got)
+		})
+	}
+}
+
+func TestServer_ListPasskeys(t *testing.T) {
+	userIDWithout := Tester.CreateHumanUser(CTX).GetUserId()
+	userIDRegistered, _ := userWithPasskeyRegistered(t)
+	userIDVerified, passkeyIDVerified := userWithPasskeyVerified(t)
+
+	userIDMulti, passkeyIDMulti1 := userWithPasskeyVerified(t)
+	passkeyIDMulti2 := passkeyVerify(t, userIDMulti, passkeyRegister(t, userIDMulti))
+
+	type args struct {
+		ctx context.Context
+		req *user.ListPasskeysRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.ListPasskeysResponse
+		wantErr bool
+	}{
+		{
+			name: "list passkeys, no permission",
+			args: args{
+				UserCTX,
+				&user.ListPasskeysRequest{
+					UserId: userIDVerified,
+				},
+			},
+			want: &user.ListPasskeysResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.Passkey{},
+			},
+		},
+		{
+			name: "list passkeys, none",
+			args: args{
+				UserCTX,
+				&user.ListPasskeysRequest{
+					UserId: userIDWithout,
+				},
+			},
+			want: &user.ListPasskeysResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.Passkey{},
+			},
+		},
+		{
+			name: "list passkeys, registered",
+			args: args{
+				UserCTX,
+				&user.ListPasskeysRequest{
+					UserId: userIDRegistered,
+				},
+			},
+			want: &user.ListPasskeysResponse{
+				Details: &object.ListDetails{
+					TotalResult: 0,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.Passkey{},
+			},
+		},
+		{
+			name: "list passkeys, ok",
+			args: args{
+				IamCTX,
+				&user.ListPasskeysRequest{
+					UserId: userIDVerified,
+				},
+			},
+			want: &user.ListPasskeysResponse{
+				Details: &object.ListDetails{
+					TotalResult: 1,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.Passkey{
+					{
+						Id:    passkeyIDVerified,
+						State: user.AuthFactorState_AUTH_FACTOR_STATE_READY,
+						Name:  "nice name",
+					},
+				},
+			},
+		},
+		{
+			name: "list idp links, multi, ok",
+			args: args{
+				IamCTX,
+				&user.ListPasskeysRequest{
+					UserId: userIDMulti,
+				},
+			},
+			want: &user.ListPasskeysResponse{
+				Details: &object.ListDetails{
+					TotalResult: 2,
+					Timestamp:   timestamppb.Now(),
+				},
+				Result: []*user.Passkey{
+					{
+						Id:    passkeyIDMulti1,
+						State: user.AuthFactorState_AUTH_FACTOR_STATE_READY,
+						Name:  "nice name",
+					},
+					{
+						Id:    passkeyIDMulti2,
+						State: user.AuthFactorState_AUTH_FACTOR_STATE_READY,
+						Name:  "nice name",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			retryDuration := time.Minute
+			if ctxDeadline, ok := CTX.Deadline(); ok {
+				retryDuration = time.Until(ctxDeadline)
+			}
+			require.EventuallyWithT(t, func(ttt *assert.CollectT) {
+				got, listErr := Client.ListPasskeys(tt.args.ctx, tt.args.req)
+				assertErr := assert.NoError
+				if tt.wantErr {
+					assertErr = assert.Error
+				}
+				assertErr(ttt, listErr)
+				if listErr != nil {
+					return
+				}
+				// always first check length, otherwise its failed anyway
+				assert.Len(ttt, got.Result, len(tt.want.Result))
+				for i := range tt.want.Result {
+					assert.Contains(ttt, got.Result, tt.want.Result[i])
+				}
+				integration.AssertListDetails(t, tt.want, got)
+			}, retryDuration, time.Millisecond*100, "timeout waiting for expected idplinks result")
+		})
+	}
+}

internal/api/grpc/user/v2/passkey_test.go

@@ -14,8 +14,8 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func Test_passkeyAuthenticatorToDomain(t *testing.T) {

internal/api/grpc/user/v2/password.go

@@ -6,7 +6,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetRequest) (_ *user.PasswordResetResponse, err error) {

internal/api/grpc/user/v2/password_integration_test.go

@@ -11,9 +11,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_RequestPasswordReset(t *testing.T) {

internal/api/grpc/user/v2/password_test.go

@@ -6,7 +6,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/zitadel/zitadel/internal/domain"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func Test_notificationTypeToDomain(t *testing.T) {

internal/api/grpc/user/v2/phone.go

@@ -7,8 +7,8 @@ import (
 
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp *user.SetPhoneResponse, err error) {

internal/api/grpc/user/v2/phone_integration_test.go

@@ -13,9 +13,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_SetPhone(t *testing.T) {

internal/api/grpc/user/v2/query.go

@@ -11,7 +11,7 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest) (_ *user.GetUserByIDResponse, err error) {

internal/api/grpc/user/v2/query_integration_test.go

@@ -13,9 +13,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_GetUserByID(t *testing.T) {

internal/api/grpc/user/v2/server.go

@@ -11,7 +11,7 @@ import (
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/query"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 var _ user.UserServiceServer = (*Server)(nil)

internal/api/grpc/user/v2/totp.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) RegisterTOTP(ctx context.Context, req *user.RegisterTOTPRequest) (*user.RegisterTOTPResponse, error) {

internal/api/grpc/user/v2/totp_integration_test.go

@@ -12,9 +12,10 @@ import (
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_RegisterTOTP(t *testing.T) {

internal/api/grpc/user/v2/totp_test.go

@@ -10,8 +10,8 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/zitadel/zitadel/internal/domain"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func Test_totpDetailsToPb(t *testing.T) {

internal/api/grpc/user/v2/u2f.go

@@ -6,7 +6,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) RegisterU2F(ctx context.Context, req *user.RegisterU2FRequest) (*user.RegisterU2FResponse, error) {
@@ -40,3 +40,13 @@ func (s *Server) VerifyU2FRegistration(ctx context.Context, req *user.VerifyU2FR
 		Details: object.DomainToDetailsPb(objectDetails),
 	}, nil
 }
+
+func (s *Server) RemoveU2F(ctx context.Context, req *user.RemoveU2FRequest) (*user.RemoveU2FResponse, error) {
+	objectDetails, err := s.command.HumanRemoveU2F(ctx, req.GetUserId(), req.GetU2FId(), "")
+	if err != nil {
+		return nil, err
+	}
+	return &user.RemoveU2FResponse{
+		Details: object.DomainToDetailsPb(objectDetails),
+	}, nil
+}

internal/api/grpc/user/v2/u2f_integration_test.go

@@ -11,9 +11,10 @@ import (
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/integration"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 func TestServer_RegisterU2F(t *testing.T) {
@@ -106,16 +107,7 @@ func TestServer_RegisterU2F(t *testing.T) {
 }
 
 func TestServer_VerifyU2FRegistration(t *testing.T) {
-	userID := Tester.CreateHumanUser(CTX).GetUserId()
-	Tester.RegisterUserPasskey(CTX, userID)
-	_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)
-	ctx := Tester.WithAuthorizationToken(CTX, sessionToken)
-
-	pkr, err := Client.RegisterU2F(ctx, &user.RegisterU2FRequest{
-		UserId: userID,
-	})
-	require.NoError(t, err)
-	require.NotEmpty(t, pkr.GetPublicKeyCredentialCreationOptions())
+	ctx, userID, pkr := ctxFromNewUserWithRegisteredU2F(t)
 
 	attestationResponse, err := Tester.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions())
 	require.NoError(t, err)
@@ -188,3 +180,138 @@ func TestServer_VerifyU2FRegistration(t *testing.T) {
 		})
 	}
 }
+
+func ctxFromNewUserWithRegisteredU2F(t *testing.T) (context.Context, string, *user.RegisterU2FResponse) {
+	userID := Tester.CreateHumanUser(CTX).GetUserId()
+	Tester.RegisterUserPasskey(CTX, userID)
+	_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)
+	ctx := Tester.WithAuthorizationToken(CTX, sessionToken)
+
+	pkr, err := Client.RegisterU2F(ctx, &user.RegisterU2FRequest{
+		UserId: userID,
+	})
+	require.NoError(t, err)
+	require.NotEmpty(t, pkr.GetPublicKeyCredentialCreationOptions())
+	return ctx, userID, pkr
+}
+
+func ctxFromNewUserWithVerifiedU2F(t *testing.T) (context.Context, string, string) {
+	ctx, userID, pkr := ctxFromNewUserWithRegisteredU2F(t)
+
+	attestationResponse, err := Tester.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions())
+	require.NoError(t, err)
+
+	_, err = Client.VerifyU2FRegistration(ctx, &user.VerifyU2FRegistrationRequest{
+		UserId:              userID,
+		U2FId:               pkr.GetU2FId(),
+		PublicKeyCredential: attestationResponse,
+		TokenName:           "nice name",
+	})
+	require.NoError(t, err)
+	return ctx, userID, pkr.GetU2FId()
+}
+
+func TestServer_RemoveU2F(t *testing.T) {
+	userIDWithout := Tester.CreateHumanUser(CTX).GetUserId()
+	ctxRegistered, userIDRegistered, pkrRegistered := ctxFromNewUserWithRegisteredU2F(t)
+	_, userIDVerified, u2fVerified := ctxFromNewUserWithVerifiedU2F(t)
+	_, userIDVerifiedPermission, u2fVerifiedPermission := ctxFromNewUserWithVerifiedU2F(t)
+
+	type args struct {
+		ctx context.Context
+		req *user.RemoveU2FRequest
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *user.RemoveU2FResponse
+		wantErr bool
+	}{
+		{
+			name: "missing user id",
+			args: args{
+				ctx: ctxRegistered,
+				req: &user.RemoveU2FRequest{
+					U2FId: "123",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "missing u2f id",
+			args: args{
+				ctx: ctxRegistered,
+				req: &user.RemoveU2FRequest{
+					UserId: "123",
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "success, registered",
+			args: args{
+				ctx: ctxRegistered,
+				req: &user.RemoveU2FRequest{
+					UserId: userIDRegistered,
+					U2FId:  pkrRegistered.GetU2FId(),
+				},
+			},
+			want: &user.RemoveU2FResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "no u2f, error",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemoveU2FRequest{
+					UserId: userIDWithout,
+					U2FId:  pkrRegistered.GetU2FId(),
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "success, IAMOwner permission, verified",
+			args: args{
+				ctx: IamCTX,
+				req: &user.RemoveU2FRequest{
+					UserId: userIDVerified,
+					U2FId:  u2fVerified,
+				},
+			},
+			want: &user.RemoveU2FResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "verified, permission error",
+			args: args{
+				ctx: UserCTX,
+				req: &user.RemoveU2FRequest{
+					UserId: userIDVerifiedPermission,
+					U2FId:  u2fVerifiedPermission,
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.RemoveU2F(tt.args.ctx, tt.args.req)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			require.NotNil(t, got)
+			integration.AssertDetails(t, tt.want, got)
+		})
+	}
+}

internal/api/grpc/user/v2/u2f_test.go

@@ -13,8 +13,8 @@ import (
 	"github.com/zitadel/zitadel/internal/api/grpc"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func Test_u2fRegistrationDetailsToPb(t *testing.T) {

internal/api/grpc/user/v2/user.go

@@ -18,11 +18,12 @@ import (
 	"github.com/zitadel/zitadel/internal/idp/providers/ldap"
 	"github.com/zitadel/zitadel/internal/query"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest) (_ *user.AddHumanUserResponse, err error) {
+
 	human, err := AddUserRequestToAddHuman(req)
 	if err != nil {
 		return nil, err
@@ -259,20 +260,6 @@ func SetHumanPasswordToPassword(password *user.SetPassword) *command.Password {
 	}
 }
 
-func (s *Server) AddIDPLink(ctx context.Context, req *user.AddIDPLinkRequest) (_ *user.AddIDPLinkResponse, err error) {
-	details, err := s.command.AddUserIDPLink(ctx, req.UserId, "", &command.AddLink{
-		IDPID:         req.GetIdpLink().GetIdpId(),
-		DisplayName:   req.GetIdpLink().GetUserName(),
-		IDPExternalID: req.GetIdpLink().GetUserId(),
-	})
-	if err != nil {
-		return nil, err
-	}
-	return &user.AddIDPLinkResponse{
-		Details: object.DomainToDetailsPb(details),
-	}, nil
-}
-
 func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
 	memberships, grants, err := s.removeUserDependencies(ctx, req.GetUserId())
 	if err != nil {

internal/api/grpc/user/v2/user_integration_test.go

@@ -18,12 +18,13 @@ import (
 	"google.golang.org/protobuf/types/known/structpb"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
+	"github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
+
 	"github.com/zitadel/zitadel/internal/api/grpc"
 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/idp"
 	mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
-	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
 )
 
 var (
@@ -1797,86 +1798,6 @@ func TestServer_DeleteUser(t *testing.T) {
 	}
 }
 
-func TestServer_AddIDPLink(t *testing.T) {
-	idpID := Tester.AddGenericOAuthProvider(t, CTX)
-	type args struct {
-		ctx context.Context
-		req *user.AddIDPLinkRequest
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    *user.AddIDPLinkResponse
-		wantErr bool
-	}{
-		{
-			name: "user does not exist",
-			args: args{
-				CTX,
-				&user.AddIDPLinkRequest{
-					UserId: "userID",
-					IdpLink: &user.IDPLink{
-						IdpId:    idpID,
-						UserId:   "userID",
-						UserName: "username",
-					},
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-		{
-			name: "idp does not exist",
-			args: args{
-				CTX,
-				&user.AddIDPLinkRequest{
-					UserId: Tester.Users[integration.FirstInstanceUsersKey][integration.OrgOwner].ID,
-					IdpLink: &user.IDPLink{
-						IdpId:    "idpID",
-						UserId:   "userID",
-						UserName: "username",
-					},
-				},
-			},
-			want:    nil,
-			wantErr: true,
-		},
-		{
-			name: "add link",
-			args: args{
-				CTX,
-				&user.AddIDPLinkRequest{
-					UserId: Tester.Users[integration.FirstInstanceUsersKey][integration.OrgOwner].ID,
-					IdpLink: &user.IDPLink{
-						IdpId:    idpID,
-						UserId:   "userID",
-						UserName: "username",
-					},
-				},
-			},
-			want: &user.AddIDPLinkResponse{
-				Details: &object.Details{
-					ChangeDate:    timestamppb.Now(),
-					ResourceOwner: Tester.Organisation.ID,
-				},
-			},
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := Client.AddIDPLink(tt.args.ctx, tt.args.req)
-			if tt.wantErr {
-				require.Error(t, err)
-			} else {
-				require.NoError(t, err)
-			}
-
-			integration.AssertDetails(t, tt.want, got)
-		})
-	}
-}
-
 func TestServer_StartIdentityProviderIntent(t *testing.T) {
 	idpID := Tester.AddGenericOAuthProvider(t, CTX)
 	orgIdpID := Tester.AddOrgGenericOAuthProvider(t, CTX, Tester.Organisation.ID)

internal/api/grpc/user/v2/user_test.go

@@ -17,8 +17,8 @@ import (
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
-	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
-	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
+	"github.com/zitadel/zitadel/pkg/grpc/user/v2"
 )
 
 func Test_idpIntentToIDPIntentPb(t *testing.T) {