feat(api): add oidc and jwt provider template (#5290)

Adds possibility to manage OIDC and JWT template based providers
2025-08-11 21:37:32 +00:00 · 2023-02-27 16:32:18 +01:00
parent 9396e8b2f5
commit 80003939ad
29 changed files with 4338 additions and 295 deletions
--- a/internal/repository/idp/google.go
+++ b/internal/repository/idp/google.go
@@ -14,7 +14,7 @@ type GoogleIDPAddedEvent struct {

 	ID           string              `json:"id"`
 	Name         string              `json:"name,omitempty"`
-	ClientID     string              `json:"clientID"`
+	ClientID     string              `json:"clientId"`
 	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
 	Scopes       []string            `json:"scopes,omitempty"`
 	Options
@@ -66,7 +66,7 @@ type GoogleIDPChangedEvent struct {

 	ID           string              `json:"id"`
 	Name         *string             `json:"name,omitempty"`
-	ClientID     *string             `json:"clientID,omitempty"`
+	ClientID     *string             `json:"clientId,omitempty"`
 	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
 	Scopes       []string            `json:"scopes,omitempty"`
 	OptionChanges
--- a/internal/repository/idp/idp.go
+++ b/internal/repository/idp/idp.go
@@ -6,7 +6,6 @@ import (
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/repository"
-	"github.com/zitadel/zitadel/internal/repository/idpconfig"
 )

 type Options struct {
@@ -63,19 +62,15 @@ type RemovedEvent struct {
 	eventstore.BaseEvent `json:"-"`

 	ID string `json:"id"`
-
-	name string
 }

 func NewRemovedEvent(
 	base *eventstore.BaseEvent,
 	id string,
-	name string,
 ) *RemovedEvent {
 	return &RemovedEvent{
 		BaseEvent: *base,
 		ID:        id,
-		name:      name,
 	}
 }

@@ -84,10 +79,7 @@ func (e *RemovedEvent) Data() interface{} {
 }

 func (e *RemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
-	if e.name == "" {
-		return nil
-	}
-	return []*eventstore.EventUniqueConstraint{idpconfig.NewRemoveIDPConfigNameUniqueConstraint(e.name, e.Aggregate().ResourceOwner)}
+	return nil
 }

 func RemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
--- a/internal/repository/idp/jwt.go
+++ b/internal/repository/idp/jwt.go
@@ -0,0 +1,153 @@
+package idp
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+type JWTIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID           string `json:"id"`
+	Name         string `json:"name,omitempty"`
+	Issuer       string `json:"issuer,omitempty"`
+	JWTEndpoint  string `json:"jwtEndpoint,omitempty"`
+	KeysEndpoint string `json:"keysEndpoint,omitempty"`
+	HeaderName   string `json:"headerName,omitempty"`
+	Options
+}
+
+func NewJWTIDPAddedEvent(
+	base *eventstore.BaseEvent,
+	id,
+	name,
+	issuer,
+	jwtEndpoint,
+	keysEndpoint,
+	headerName string,
+	options Options,
+) *JWTIDPAddedEvent {
+	return &JWTIDPAddedEvent{
+		BaseEvent:    *base,
+		ID:           id,
+		Name:         name,
+		Issuer:       issuer,
+		JWTEndpoint:  jwtEndpoint,
+		KeysEndpoint: keysEndpoint,
+		HeaderName:   headerName,
+		Options:      options,
+	}
+}
+
+func (e *JWTIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *JWTIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func JWTIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &JWTIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type JWTIDPChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID           string  `json:"id"`
+	Name         *string `json:"name,omitempty"`
+	Issuer       *string `json:"issuer,omitempty"`
+	JWTEndpoint  *string `json:"jwtEndpoint,omitempty"`
+	KeysEndpoint *string `json:"keysEndpoint,omitempty"`
+	HeaderName   *string `json:"headerName,omitempty"`
+	OptionChanges
+}
+
+func NewJWTIDPChangedEvent(
+	base *eventstore.BaseEvent,
+	id string,
+	changes []JWTIDPChanges,
+) (*JWTIDPChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound")
+	}
+	changedEvent := &JWTIDPChangedEvent{
+		BaseEvent: *base,
+		ID:        id,
+	}
+	for _, change := range changes {
+		change(changedEvent)
+	}
+	return changedEvent, nil
+}
+
+type JWTIDPChanges func(*JWTIDPChangedEvent)
+
+func ChangeJWTName(name string) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.Name = &name
+	}
+}
+
+func ChangeJWTIssuer(issuer string) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.Issuer = &issuer
+	}
+}
+
+func ChangeJWTEndpoint(jwtEndpoint string) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.JWTEndpoint = &jwtEndpoint
+	}
+}
+
+func ChangeJWTKeysEndpoint(keysEndpoint string) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.KeysEndpoint = &keysEndpoint
+	}
+}
+
+func ChangeJWTHeaderName(headerName string) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.HeaderName = &headerName
+	}
+}
+
+func ChangeJWTOptions(options OptionChanges) func(*JWTIDPChangedEvent) {
+	return func(e *JWTIDPChangedEvent) {
+		e.OptionChanges = options
+	}
+}
+
+func (e *JWTIDPChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *JWTIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func JWTIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &JWTIDPChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
--- a/internal/repository/idp/oauth.go
+++ b/internal/repository/idp/oauth.go
@@ -14,8 +14,8 @@ type OAuthIDPAddedEvent struct {

 	ID                    string              `json:"id"`
 	Name                  string              `json:"name,omitempty"`
-	ClientID              string              `json:"client_id,omitempty"`
-	ClientSecret          *crypto.CryptoValue `json:"client_secret,omitempty"`
+	ClientID              string              `json:"clientId,omitempty"`
+	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
 	AuthorizationEndpoint string              `json:"authorizationEndpoint,omitempty"`
 	TokenEndpoint         string              `json:"tokenEndpoint,omitempty"`
 	UserEndpoint          string              `json:"userEndpoint,omitempty"`
@@ -75,8 +75,8 @@ type OAuthIDPChangedEvent struct {

 	ID                    string              `json:"id"`
 	Name                  *string             `json:"name,omitempty"`
-	ClientID              *string             `json:"client_id,omitempty"`
-	ClientSecret          *crypto.CryptoValue `json:"client_secret,omitempty"`
+	ClientID              *string             `json:"clientId,omitempty"`
+	ClientSecret          *crypto.CryptoValue `json:"clientSecret,omitempty"`
 	AuthorizationEndpoint *string             `json:"authorizationEndpoint,omitempty"`
 	TokenEndpoint         *string             `json:"tokenEndpoint,omitempty"`
 	UserEndpoint          *string             `json:"userEndpoint,omitempty"`
--- a/internal/repository/idp/oidc.go
+++ b/internal/repository/idp/oidc.go
@@ -0,0 +1,154 @@
+package idp
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+type OIDCIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID           string              `json:"id"`
+	Name         string              `json:"name"`
+	Issuer       string              `json:"issuer"`
+	ClientID     string              `json:"clientId"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret"`
+	Scopes       []string            `json:"scopes,omitempty"`
+	Options
+}
+
+func NewOIDCIDPAddedEvent(
+	base *eventstore.BaseEvent,
+	id,
+	name,
+	issuer,
+	clientID string,
+	clientSecret *crypto.CryptoValue,
+	scopes []string,
+	options Options,
+) *OIDCIDPAddedEvent {
+	return &OIDCIDPAddedEvent{
+		BaseEvent:    *base,
+		ID:           id,
+		Name:         name,
+		Issuer:       issuer,
+		ClientID:     clientID,
+		ClientSecret: clientSecret,
+		Scopes:       scopes,
+		Options:      options,
+	}
+}
+
+func (e *OIDCIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OIDCIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func OIDCIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &OIDCIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-Et1dq", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type OIDCIDPChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID           string              `json:"id"`
+	Name         *string             `json:"name,omitempty"`
+	Issuer       *string             `json:"issuer,omitempty"`
+	ClientID     *string             `json:"clientId,omitempty"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	Scopes       []string            `json:"scopes,omitempty"`
+	OptionChanges
+}
+
+func NewOIDCIDPChangedEvent(
+	base *eventstore.BaseEvent,
+	id string,
+	changes []OIDCIDPChanges,
+) (*OIDCIDPChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "IDP-BH3dl", "Errors.NoChangesFound")
+	}
+	changedEvent := &OIDCIDPChangedEvent{
+		BaseEvent: *base,
+		ID:        id,
+	}
+	for _, change := range changes {
+		change(changedEvent)
+	}
+	return changedEvent, nil
+}
+
+type OIDCIDPChanges func(*OIDCIDPChangedEvent)
+
+func ChangeOIDCName(name string) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.Name = &name
+	}
+}
+
+func ChangeOIDCIssuer(issuer string) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.Issuer = &issuer
+	}
+}
+
+func ChangeOIDCClientID(clientID string) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.ClientID = &clientID
+	}
+}
+
+func ChangeOIDCClientSecret(clientSecret *crypto.CryptoValue) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.ClientSecret = clientSecret
+	}
+}
+
+func ChangeOIDCOptions(options OptionChanges) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.OptionChanges = options
+	}
+}
+
+func ChangeOIDCScopes(scopes []string) func(*OIDCIDPChangedEvent) {
+	return func(e *OIDCIDPChangedEvent) {
+		e.Scopes = scopes
+	}
+}
+
+func (e *OIDCIDPChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OIDCIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func OIDCIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &OIDCIDPChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-D3gjzh", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
--- a/internal/repository/instance/eventstore.go
+++ b/internal/repository/instance/eventstore.go
@@ -72,6 +72,10 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, IDPJWTConfigChangedEventType, IDPJWTConfigChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, OAuthIDPAddedEventType, OAuthIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, OAuthIDPChangedEventType, OAuthIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, OIDCIDPAddedEventType, OIDCIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, OIDCIDPChangedEventType, OIDCIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, JWTIDPAddedEventType, JWTIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, JWTIDPChangedEventType, JWTIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, GoogleIDPAddedEventType, GoogleIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, GoogleIDPChangedEventType, GoogleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPAddedEventType, LDAPIDPAddedEventMapper).
--- a/internal/repository/instance/idp.go
+++ b/internal/repository/instance/idp.go
@@ -12,6 +12,10 @@ import (
 const (
 	OAuthIDPAddedEventType    eventstore.EventType = "instance.idp.oauth.added"
 	OAuthIDPChangedEventType  eventstore.EventType = "instance.idp.oauth.changed"
+	OIDCIDPAddedEventType     eventstore.EventType = "instance.idp.oidc.added"
+	OIDCIDPChangedEventType   eventstore.EventType = "instance.idp.oidc.changed"
+	JWTIDPAddedEventType      eventstore.EventType = "instance.idp.jwt.added"
+	JWTIDPChangedEventType    eventstore.EventType = "instance.idp.jwt.changed"
 	GoogleIDPAddedEventType   eventstore.EventType = "instance.idp.google.added"
 	GoogleIDPChangedEventType eventstore.EventType = "instance.idp.google.changed"
 	LDAPIDPAddedEventType     eventstore.EventType = "instance.idp.ldap.added"
@@ -101,6 +105,162 @@ func OAuthIDPChangedEventMapper(event *repository.Event) (eventstore.Event, erro
 	return &OAuthIDPChangedEvent{OAuthIDPChangedEvent: *e.(*idp.OAuthIDPChangedEvent)}, nil
 }

+type OIDCIDPAddedEvent struct {
+	idp.OIDCIDPAddedEvent
+}
+
+func NewOIDCIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	issuer,
+	clientID string,
+	clientSecret *crypto.CryptoValue,
+	scopes []string,
+	options idp.Options,
+) *OIDCIDPAddedEvent {
+
+	return &OIDCIDPAddedEvent{
+		OIDCIDPAddedEvent: *idp.NewOIDCIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				OIDCIDPAddedEventType,
+			),
+			id,
+			name,
+			issuer,
+			clientID,
+			clientSecret,
+			scopes,
+			options,
+		),
+	}
+}
+
+func OIDCIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.OIDCIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OIDCIDPAddedEvent{OIDCIDPAddedEvent: *e.(*idp.OIDCIDPAddedEvent)}, nil
+}
+
+type OIDCIDPChangedEvent struct {
+	idp.OIDCIDPChangedEvent
+}
+
+func NewOIDCIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.OIDCIDPChanges,
+) (*OIDCIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewOIDCIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OIDCIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &OIDCIDPChangedEvent{OIDCIDPChangedEvent: *changedEvent}, nil
+}
+
+func OIDCIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.OIDCIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OIDCIDPChangedEvent{OIDCIDPChangedEvent: *e.(*idp.OIDCIDPChangedEvent)}, nil
+}
+
+type JWTIDPAddedEvent struct {
+	idp.JWTIDPAddedEvent
+}
+
+func NewJWTIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	issuer,
+	jwtEndpoint,
+	keysEndpoint,
+	headerName string,
+	options idp.Options,
+) *JWTIDPAddedEvent {
+
+	return &JWTIDPAddedEvent{
+		JWTIDPAddedEvent: *idp.NewJWTIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				JWTIDPAddedEventType,
+			),
+			id,
+			name,
+			issuer,
+			jwtEndpoint,
+			keysEndpoint,
+			headerName,
+			options,
+		),
+	}
+}
+
+func JWTIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.JWTIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &JWTIDPAddedEvent{JWTIDPAddedEvent: *e.(*idp.JWTIDPAddedEvent)}, nil
+}
+
+type JWTIDPChangedEvent struct {
+	idp.JWTIDPChangedEvent
+}
+
+func NewJWTIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.JWTIDPChanges,
+) (*JWTIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewJWTIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			JWTIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &JWTIDPChangedEvent{JWTIDPChangedEvent: *changedEvent}, nil
+}
+
+func JWTIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.JWTIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &JWTIDPChangedEvent{JWTIDPChangedEvent: *e.(*idp.JWTIDPChangedEvent)}, nil
+}
+
 type GoogleIDPAddedEvent struct {
 	idp.GoogleIDPAddedEvent
 }
@@ -275,7 +435,6 @@ func NewIDPRemovedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
 	id string,
-	name string,
 ) *IDPRemovedEvent {
 	return &IDPRemovedEvent{
 		RemovedEvent: *idp.NewRemovedEvent(
@@ -285,7 +444,6 @@ func NewIDPRemovedEvent(
 				IDPRemovedEventType,
 			),
 			id,
-			name,
 		),
 	}
 }
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -80,6 +80,10 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, IDPJWTConfigChangedEventType, IDPJWTConfigChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, OAuthIDPAddedEventType, OAuthIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, OAuthIDPChangedEventType, OAuthIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, OIDCIDPAddedEventType, OIDCIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, OIDCIDPChangedEventType, OIDCIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, JWTIDPAddedEventType, JWTIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, JWTIDPChangedEventType, JWTIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, GoogleIDPAddedEventType, GoogleIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, GoogleIDPChangedEventType, GoogleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPAddedEventType, LDAPIDPAddedEventMapper).
--- a/internal/repository/org/idp.go
+++ b/internal/repository/org/idp.go
@@ -12,6 +12,10 @@ import (
 const (
 	OAuthIDPAddedEventType    eventstore.EventType = "org.idp.oauth.added"
 	OAuthIDPChangedEventType  eventstore.EventType = "org.idp.oauth.changed"
+	OIDCIDPAddedEventType     eventstore.EventType = "org.idp.oidc.added"
+	OIDCIDPChangedEventType   eventstore.EventType = "org.idp.oidc.changed"
+	JWTIDPAddedEventType      eventstore.EventType = "org.idp.jwt.added"
+	JWTIDPChangedEventType    eventstore.EventType = "org.idp.jwt.changed"
 	GoogleIDPAddedEventType   eventstore.EventType = "org.idp.google.added"
 	GoogleIDPChangedEventType eventstore.EventType = "org.idp.google.changed"
 	LDAPIDPAddedEventType     eventstore.EventType = "org.idp.ldap.added"
@@ -101,6 +105,162 @@ func OAuthIDPChangedEventMapper(event *repository.Event) (eventstore.Event, erro
 	return &OAuthIDPChangedEvent{OAuthIDPChangedEvent: *e.(*idp.OAuthIDPChangedEvent)}, nil
 }

+type OIDCIDPAddedEvent struct {
+	idp.OIDCIDPAddedEvent
+}
+
+func NewOIDCIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	issuer,
+	clientID string,
+	clientSecret *crypto.CryptoValue,
+	scopes []string,
+	options idp.Options,
+) *OIDCIDPAddedEvent {
+
+	return &OIDCIDPAddedEvent{
+		OIDCIDPAddedEvent: *idp.NewOIDCIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				OIDCIDPAddedEventType,
+			),
+			id,
+			name,
+			issuer,
+			clientID,
+			clientSecret,
+			scopes,
+			options,
+		),
+	}
+}
+
+func OIDCIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.OIDCIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OIDCIDPAddedEvent{OIDCIDPAddedEvent: *e.(*idp.OIDCIDPAddedEvent)}, nil
+}
+
+type OIDCIDPChangedEvent struct {
+	idp.OIDCIDPChangedEvent
+}
+
+func NewOIDCIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.OIDCIDPChanges,
+) (*OIDCIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewOIDCIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OIDCIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &OIDCIDPChangedEvent{OIDCIDPChangedEvent: *changedEvent}, nil
+}
+
+func OIDCIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.OIDCIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OIDCIDPChangedEvent{OIDCIDPChangedEvent: *e.(*idp.OIDCIDPChangedEvent)}, nil
+}
+
+type JWTIDPAddedEvent struct {
+	idp.JWTIDPAddedEvent
+}
+
+func NewJWTIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	issuer,
+	jwtEndpoint,
+	keysEndpoint,
+	headerName string,
+	options idp.Options,
+) *JWTIDPAddedEvent {
+
+	return &JWTIDPAddedEvent{
+		JWTIDPAddedEvent: *idp.NewJWTIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				JWTIDPAddedEventType,
+			),
+			id,
+			name,
+			issuer,
+			jwtEndpoint,
+			keysEndpoint,
+			headerName,
+			options,
+		),
+	}
+}
+
+func JWTIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.JWTIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &JWTIDPAddedEvent{JWTIDPAddedEvent: *e.(*idp.JWTIDPAddedEvent)}, nil
+}
+
+type JWTIDPChangedEvent struct {
+	idp.JWTIDPChangedEvent
+}
+
+func NewJWTIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.JWTIDPChanges,
+) (*JWTIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewJWTIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			JWTIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &JWTIDPChangedEvent{JWTIDPChangedEvent: *changedEvent}, nil
+}
+
+func JWTIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.JWTIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &JWTIDPChangedEvent{JWTIDPChangedEvent: *e.(*idp.JWTIDPChangedEvent)}, nil
+}
+
 type GoogleIDPAddedEvent struct {
 	idp.GoogleIDPAddedEvent
 }
@@ -275,7 +435,6 @@ func NewIDPRemovedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
 	id string,
-	name string,
 ) *IDPRemovedEvent {
 	return &IDPRemovedEvent{
 		RemovedEvent: *idp.NewRemovedEvent(
@@ -285,7 +444,6 @@ func NewIDPRemovedEvent(
 				IDPRemovedEventType,
 			),
 			id,
-			name,
 		),
 	}
 }