feat: allow skip of success page for native apps (#5627)

add possibility to return to callback directly after login without rendering the successful login page

internal/command/instance_domain_test.go

@@ -161,7 +161,9 @@ func TestCommandSide_AddInstanceDomain(t *testing.T) {
 								true,
 								true,
 								time.Second*1,
-								[]string{"https://sub.test.ch"}),
+								[]string{"https://sub.test.ch"},
+								false,
+							),
 						),
 					),
 					expectPush(

internal/command/project_application_oidc.go

@@ -19,20 +19,21 @@ import (
 
 type addOIDCApp struct {
 	AddApp
-	Version                  domain.OIDCVersion
-	RedirectUris             []string
-	ResponseTypes            []domain.OIDCResponseType
-	GrantTypes               []domain.OIDCGrantType
-	ApplicationType          domain.OIDCApplicationType
-	AuthMethodType           domain.OIDCAuthMethodType
-	PostLogoutRedirectUris   []string
-	DevMode                  bool
-	AccessTokenType          domain.OIDCTokenType
-	AccessTokenRoleAssertion bool
-	IDTokenRoleAssertion     bool
-	IDTokenUserinfoAssertion bool
-	ClockSkew                time.Duration
-	AdditionalOrigins        []string
+	Version                     domain.OIDCVersion
+	RedirectUris                []string
+	ResponseTypes               []domain.OIDCResponseType
+	GrantTypes                  []domain.OIDCGrantType
+	ApplicationType             domain.OIDCApplicationType
+	AuthMethodType              domain.OIDCAuthMethodType
+	PostLogoutRedirectUris      []string
+	DevMode                     bool
+	AccessTokenType             domain.OIDCTokenType
+	AccessTokenRoleAssertion    bool
+	IDTokenRoleAssertion        bool
+	IDTokenUserinfoAssertion    bool
+	ClockSkew                   time.Duration
+	AdditionalOrigins           []string
+	SkipSuccessPageForNativeApp bool
 
 	ClientID          string
 	ClientSecret      *crypto.CryptoValue
@@ -109,6 +110,7 @@ func (c *Commands) AddOIDCAppCommand(app *addOIDCApp, clientSecretAlg crypto.Has
 					app.IDTokenUserinfoAssertion,
 					app.ClockSkew,
 					app.AdditionalOrigins,
+					app.SkipSuccessPageForNativeApp,
 				),
 			}, nil
 		}, nil
@@ -191,7 +193,9 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
 		oidcApp.IDTokenRoleAssertion,
 		oidcApp.IDTokenUserinfoAssertion,
 		oidcApp.ClockSkew,
-		oidcApp.AdditionalOrigins))
+		oidcApp.AdditionalOrigins,
+		oidcApp.SkipNativeAppSuccessPage,
+	))
 
 	addedApplication.AppID = oidcApp.AppID
 	pushedEvents, err := c.eventstore.Push(ctx, events...)
@@ -241,7 +245,9 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
 		oidc.IDTokenRoleAssertion,
 		oidc.IDTokenUserinfoAssertion,
 		oidc.ClockSkew,
-		oidc.AdditionalOrigins)
+		oidc.AdditionalOrigins,
+		oidc.SkipNativeAppSuccessPage,
+	)
 	if err != nil {
 		return nil, err
 	}

internal/command/project_application_oidc_model.go

@@ -35,6 +35,7 @@ type OIDCApplicationWriteModel struct {
 	ClockSkew                time.Duration
 	State                    domain.AppState
 	AdditionalOrigins        []string
+	SkipNativeAppSuccessPage bool
 	oidc                     bool
 }
 
@@ -156,6 +157,7 @@ func (wm *OIDCApplicationWriteModel) appendAddOIDCEvent(e *project.OIDCConfigAdd
 	wm.IDTokenUserinfoAssertion = e.IDTokenUserinfoAssertion
 	wm.ClockSkew = e.ClockSkew
 	wm.AdditionalOrigins = e.AdditionalOrigins
+	wm.SkipNativeAppSuccessPage = e.SkipNativeAppSuccessPage
 }
 
 func (wm *OIDCApplicationWriteModel) appendChangeOIDCEvent(e *project.OIDCConfigChangedEvent) {
@@ -201,6 +203,9 @@ func (wm *OIDCApplicationWriteModel) appendChangeOIDCEvent(e *project.OIDCConfig
 	if e.AdditionalOrigins != nil {
 		wm.AdditionalOrigins = *e.AdditionalOrigins
 	}
+	if e.SkipNativeAppSuccessPage != nil {
+		wm.SkipNativeAppSuccessPage = *e.SkipNativeAppSuccessPage
+	}
 }
 
 func (wm *OIDCApplicationWriteModel) Query() *eventstore.SearchQueryBuilder {
@@ -240,6 +245,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	idTokenUserinfoAssertion bool,
 	clockSkew time.Duration,
 	additionalOrigins []string,
+	skipNativeAppSuccessPage bool,
 ) (*project.OIDCConfigChangedEvent, bool, error) {
 	changes := make([]project.OIDCConfigChanges, 0)
 	var err error
@@ -286,6 +292,10 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	if !reflect.DeepEqual(wm.AdditionalOrigins, additionalOrigins) {
 		changes = append(changes, project.ChangeAdditionalOrigins(additionalOrigins))
 	}
+	if wm.SkipNativeAppSuccessPage != skipNativeAppSuccessPage {
+		changes = append(changes, project.ChangeSkipNativeAppSuccessPage(skipNativeAppSuccessPage))
+	}
+
 	if len(changes) == 0 {
 		return nil, false, nil
 	}

internal/command/project_application_oidc_test.go

@@ -169,6 +169,7 @@ func TestAddOIDCApp(t *testing.T) {
 						false,
 						0,
 						nil,
+						false,
 					),
 				},
 			},
@@ -325,7 +326,9 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 									true,
 									true,
 									time.Second*1,
-									[]string{"https://sub.test.ch"}),
+									[]string{"https://sub.test.ch"},
+									true,
+								),
 							),
 						},
 						uniqueConstraintsFromEventConstraint(project.NewAddApplicationUniqueConstraint("app", "project1")),
@@ -354,6 +357,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					IDTokenUserinfoAssertion: true,
 					ClockSkew:                time.Second * 1,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: true,
 				},
 				resourceOwner:   "org1",
 				secretGenerator: GetMockSecretGenerator(t),
@@ -382,6 +386,7 @@ func TestCommandSide_AddOIDCApplication(t *testing.T) {
 					IDTokenUserinfoAssertion: true,
 					ClockSkew:                time.Second * 1,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: true,
 					State:                    domain.AppStateActive,
 					Compliance:               &domain.Compliance{},
 				},
@@ -558,7 +563,9 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 								true,
 								true,
 								time.Second*1,
-								[]string{"https://sub.test.ch"}),
+								[]string{"https://sub.test.ch"},
+								true,
+							),
 						),
 					),
 				),
@@ -585,6 +592,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					IDTokenUserinfoAssertion: true,
 					ClockSkew:                time.Second * 1,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: true,
 				},
 				resourceOwner: "org1",
 			},
@@ -629,7 +637,9 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 								true,
 								true,
 								time.Second*1,
-								[]string{"https://sub.test.ch"}),
+								[]string{"https://sub.test.ch"},
+								true,
+							),
 						),
 					),
 					expectPush(
@@ -666,6 +676,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					IDTokenUserinfoAssertion: false,
 					ClockSkew:                time.Second * 2,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: true,
 				},
 				resourceOwner: "org1",
 			},
@@ -692,6 +703,7 @@ func TestCommandSide_ChangeOIDCApplication(t *testing.T) {
 					IDTokenUserinfoAssertion: false,
 					ClockSkew:                time.Second * 2,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: true,
 					Compliance:               &domain.Compliance{},
 					State:                    domain.AppStateActive,
 				},
@@ -826,7 +838,9 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 								true,
 								true,
 								time.Second*1,
-								[]string{"https://sub.test.ch"}),
+								[]string{"https://sub.test.ch"},
+								false,
+							),
 						),
 					),
 					expectPush(
@@ -877,6 +891,7 @@ func TestCommandSide_ChangeOIDCApplicationSecret(t *testing.T) {
 					IDTokenUserinfoAssertion: true,
 					ClockSkew:                time.Second * 1,
 					AdditionalOrigins:        []string{"https://sub.test.ch"},
+					SkipNativeAppSuccessPage: false,
 					State:                    domain.AppStateActive,
 				},
 			},

internal/command/project_converter.go

@@ -25,14 +25,6 @@ func projectGrantWriteModelToProjectGrant(writeModel *ProjectGrantWriteModel) *d
 	}
 }
 
-func applicationWriteModelToApplication(writeModel *ApplicationWriteModel) domain.Application {
-	return &domain.ChangeApp{
-		AppID:   writeModel.AppID,
-		AppName: writeModel.Name,
-		State:   writeModel.State,
-	}
-}
-
 func oidcWriteModelToOIDCConfig(writeModel *OIDCApplicationWriteModel) *domain.OIDCApp {
 	return &domain.OIDCApp{
 		ObjectRoot:               writeModelToObjectRoot(writeModel.WriteModel),
@@ -54,6 +46,7 @@ func oidcWriteModelToOIDCConfig(writeModel *OIDCApplicationWriteModel) *domain.O
 		IDTokenUserinfoAssertion: writeModel.IDTokenUserinfoAssertion,
 		ClockSkew:                writeModel.ClockSkew,
 		AdditionalOrigins:        writeModel.AdditionalOrigins,
+		SkipNativeAppSuccessPage: writeModel.SkipNativeAppSuccessPage,
 	}
 }
 

internal/command/user_human_otp.go

@@ -3,9 +3,9 @@ package command
 import (
 	"context"
 
-	"github.com/zitadel/zitadel/internal/crypto"
-
 	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"