fix: correct unmarshall of EntraID userinfo when retrieving intent information (#10507)

# Which Problems Are Solved EntraID userinfo gets incorrectly unmarshalled again in the `RetrieveIdentityProviderIntent` endpoint. # How the Problems Are Solved Correctly use the already available information and not try to marshall it into a `RawInformation` struct again. # Additional Changes None # Additional Context Closes https://github.com/zitadel/typescript/issues/578 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-23 15:28:21 +00:00 · 2025-08-22 07:35:58 +02:00
parent 473c33754f
commit 93ea30ba2e
5 changed files with 213 additions and 12 deletions
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -632,6 +632,34 @@ func (i *Instance) AddProviderToDefaultLoginPolicy(ctx context.Context, id strin
 	logging.OnError(err).Panic("add provider to default login policy")
 }

+func (i *Instance) AddAzureADProvider(ctx context.Context, name string) *admin.AddAzureADProviderResponse {
+	resp, err := i.Client.Admin.AddAzureADProvider(ctx, &admin.AddAzureADProviderRequest{
+		Name:          name,
+		ClientId:      "clientID",
+		ClientSecret:  "clientSecret",
+		Tenant:        nil,
+		EmailVerified: false,
+		Scopes:        []string{"openid", "profile", "email"},
+		ProviderOptions: &idp.Options{
+			IsLinkingAllowed:  true,
+			IsCreationAllowed: true,
+			IsAutoCreation:    true,
+			IsAutoUpdate:      true,
+			AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+		},
+	})
+	logging.OnError(err).Panic("create Azure AD idp")
+
+	mustAwait(func() error {
+		_, err := i.Client.Admin.GetProviderByID(ctx, &admin.GetProviderByIDRequest{
+			Id: resp.GetId(),
+		})
+		return err
+	})
+
+	return resp
+}
+
 func (i *Instance) AddGenericOAuthProvider(ctx context.Context, name string) *admin.AddGenericOAuthProviderResponse {
 	return i.AddGenericOAuthProviderWithOptions(ctx, name, true, true, true, idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME)
 }
--- a/internal/integration/sink/server.go
+++ b/internal/integration/sink/server.go
@@ -27,6 +27,7 @@ import (

 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/idp/providers/azuread"
 	"github.com/zitadel/zitadel/internal/idp/providers/jwt"
 	"github.com/zitadel/zitadel/internal/idp/providers/ldap"
 	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
@@ -69,6 +70,25 @@ func SuccessfulOAuthIntent(instanceID, idpID, idpUserID, userID string, expiry t
 	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
 }

+func SuccessfulAzureADIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
+	u := url.URL{
+		Scheme: "http",
+		Host:   host,
+		Path:   successfulIntentAzureADPath(),
+	}
+	resp, err := callIntent(u.String(), &SuccessfulIntentRequest{
+		InstanceID: instanceID,
+		IDPID:      idpID,
+		IDPUserID:  idpUserID,
+		UserID:     userID,
+		Expiry:     expiry,
+	})
+	if err != nil {
+		return "", "", time.Time{}, uint64(0), err
+	}
+	return resp.IntentID, resp.Token, resp.ChangeDate, resp.Sequence, nil
+}
+
 func SuccessfulOIDCIntent(instanceID, idpID, idpUserID, userID string, expiry time.Time) (string, string, time.Time, uint64, error) {
 	u := url.URL{
 		Scheme: "http",
@@ -163,6 +183,7 @@ func StartServer(commands *command.Commands) (close func()) {
 		router.HandleFunc(subscribePath(ch), fwd.subscriptionHandler)
 		router.HandleFunc(successfulIntentOAuthPath(), successfulIntentHandler(commands, createSuccessfulOAuthIntent))
 		router.HandleFunc(successfulIntentOIDCPath(), successfulIntentHandler(commands, createSuccessfulOIDCIntent))
+		router.HandleFunc(successfulIntentAzureADPath(), successfulIntentHandler(commands, createSuccessfulAzureADIntent))
 		router.HandleFunc(successfulIntentSAMLPath(), successfulIntentHandler(commands, createSuccessfulSAMLIntent))
 		router.HandleFunc(successfulIntentLDAPPath(), successfulIntentHandler(commands, createSuccessfulLDAPIntent))
 		router.HandleFunc(successfulIntentJWTPath(), successfulIntentHandler(commands, createSuccessfulJWTIntent))
@@ -204,6 +225,10 @@ func successfulIntentOAuthPath() string {
 	return path.Join(successfulIntentPath(), "/", "oauth")
 }

+func successfulIntentAzureADPath() string {
+	return path.Join(successfulIntentPath(), "/", "azuread")
+}
+
 func successfulIntentOIDCPath() string {
 	return path.Join(successfulIntentPath(), "/", "oidc")
 }
@@ -423,6 +448,44 @@ func createSuccessfulOAuthIntent(ctx context.Context, cmd *command.Commands, req
 	}, nil
 }

+func createSuccessfulAzureADIntent(ctx context.Context, cmd *command.Commands, req *SuccessfulIntentRequest) (*SuccessfulIntentResponse, error) {
+	intentID, err := createIntent(ctx, cmd, req.InstanceID, req.IDPID)
+	if err != nil {
+		return nil, err
+	}
+	writeModel, err := cmd.GetIntentWriteModel(ctx, intentID, req.InstanceID)
+	if err != nil {
+		return nil, err
+	}
+	idpUser := &azuread.User{
+		ID:                req.IDPUserID,
+		DisplayName:       "displayname",
+		FirstName:         "firstname",
+		Email:             "email@email.com",
+		LastName:          "lastname",
+		UserPrincipalName: "username",
+	}
+	idpSession := &oauth.Session{
+		Tokens: &oidc.Tokens[*oidc.IDTokenClaims]{
+			Token: &oauth2.Token{
+				AccessToken: "accessToken",
+				Expiry:      req.Expiry,
+			},
+			IDToken: "idToken",
+		},
+	}
+	token, err := cmd.SucceedIDPIntent(ctx, writeModel, idpUser, idpSession, req.UserID)
+	if err != nil {
+		return nil, err
+	}
+	return &SuccessfulIntentResponse{
+		intentID,
+		token,
+		writeModel.ChangeDate,
+		writeModel.ProcessedSequence,
+	}, nil
+}
+
 func createSuccessfulOIDCIntent(ctx context.Context, cmd *command.Commands, req *SuccessfulIntentRequest) (*SuccessfulIntentResponse, error) {
 	intentID, err := createIntent(ctx, cmd, req.InstanceID, req.IDPID)
 	writeModel, err := cmd.GetIntentWriteModel(ctx, intentID, req.InstanceID)