fix(providers): set prompt select_account again (#5329)

Livio Spring 2023-03-01 08:17:51 +01:00 committed by GitHub
parent 3dbb6f7c67
commit 966df56026
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 13 additions and 12 deletions


@ -137,7 +137,7 @@ func (l *Login) handleIDP(w http.ResponseWriter, r *http.Request, authReq *domai
case domain.IDPTypeOIDC: case domain.IDPTypeOIDC:
provider, err = l.oidcProvider(r.Context(), identityProvider) provider, err = l.oidcProvider(r.Context(), identityProvider)
case domain.IDPTypeJWT: case domain.IDPTypeJWT:
provider, err = l.jwtProvider(r.Context(), identityProvider) provider, err = l.jwtProvider(identityProvider)
case domain.IDPTypeGoogle: case domain.IDPTypeGoogle:
provider, err = l.googleProvider(r.Context(), identityProvider) provider, err = l.googleProvider(r.Context(), identityProvider)
case domain.IDPTypeOAuth, case domain.IDPTypeOAuth,
@ -589,7 +589,7 @@ func (l *Login) oidcProvider(ctx context.Context, identityProvider *query.IDPTem
) )
} }
func (l *Login) jwtProvider(ctx context.Context, identityProvider *query.IDPTemplate) (*jwt.Provider, error) { func (l *Login) jwtProvider(identityProvider *query.IDPTemplate) (*jwt.Provider, error) {
return jwt.New( return jwt.New(
identityProvider.Name, identityProvider.Name,
identityProvider.JWTIDPTemplate.Issuer, identityProvider.JWTIDPTemplate.Issuer,
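Review bot: `jwtProvider` still carries no doc comment at its new signature, and after this change it is the only provider constructor called from `handleIDP` that does not take a `ctx`, which a later reader may read as an oversight rather than a deliberate cleanup. A one-line comment would settle it: `// jwtProvider builds a jwt.Provider from the template's JWT settings; it takes no context because construction itself performs no I/O (confirm if jwt.New ever starts fetching keys).` Both `handleIDP` and `jwtProvider` continue outside this hunk, so the body of neither was reviewed here.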


@ -74,7 +74,7 @@ func (l *Login) handleJWTExtraction(w http.ResponseWriter, r *http.Request, auth
l.renderError(w, r, authReq, err) l.renderError(w, r, authReq, err)
return return
} }
provider, err := l.jwtProvider(r.Context(), identityProvider) provider, err := l.jwtProvider(identityProvider)
if err != nil { if err != nil {
emptyTokens := &oidc.Tokens{Token: &oauth2.Token{}} emptyTokens := &oidc.Tokens{Token: &oauth2.Token{}}
if _, actionErr := l.runPostExternalAuthenticationActions(&domain.ExternalUser{}, emptyTokens, authReq, r, err); actionErr != nil { if _, actionErr := l.runPostExternalAuthenticationActions(&domain.ExternalUser{}, emptyTokens, authReq, r, err); actionErr != nil {


@ -34,7 +34,7 @@ func TestProvider_BeginAuth(t *testing.T) {
redirectURI: "redirectURI", redirectURI: "redirectURI",
}, },
want: &oidc.Session{ want: &oidc.Session{
AuthURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email&state=testState", AuthURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email&state=testState",
}, },
}, },
{ {
@ -48,7 +48,7 @@ func TestProvider_BeginAuth(t *testing.T) {
}, },
}, },
want: &oidc.Session{ want: &oidc.Session{
AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email&state=testState", AuthURL: "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid+profile+email&state=testState",
}, },
}, },
} }


@ -32,7 +32,7 @@ func TestProvider_BeginAuth(t *testing.T) {
redirectURI: "redirectURI", redirectURI: "redirectURI",
}, },
want: &oauth.Session{ want: &oauth.Session{
AuthURL: "https://github.com/login/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&state=testState", AuthURL: "https://github.com/login/oauth/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&state=testState",
}, },
}, },
} }


@ -33,7 +33,7 @@ func TestProvider_BeginAuth(t *testing.T) {
scopes: []string{"openid"}, scopes: []string{"openid"},
}, },
want: &oidc.Session{ want: &oidc.Session{
AuthURL: "https://gitlab.com/oauth/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState", AuthURL: "https://gitlab.com/oauth/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState",
}, },
}, },
} }


@ -32,7 +32,7 @@ func TestProvider_BeginAuth(t *testing.T) {
scopes: []string{"openid"}, scopes: []string{"openid"},
}, },
want: &oidc.Session{ want: &oidc.Session{
AuthURL: "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState", AuthURL: "https://accounts.google.com/o/oauth2/v2/auth?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState",
}, },
}, },
} }


@ -4,6 +4,7 @@ import (
"context" "context"
"github.com/zitadel/oidc/v2/pkg/client/rp" "github.com/zitadel/oidc/v2/pkg/client/rp"
"github.com/zitadel/oidc/v2/pkg/oidc"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"github.com/zitadel/zitadel/internal/idp" "github.com/zitadel/zitadel/internal/idp"
@ -87,7 +88,7 @@ func (p *Provider) Name() string {
// BeginAuth implements the [idp.Provider] interface. // BeginAuth implements the [idp.Provider] interface.
// It will create a [Session] with an OAuth2.0 authorization request as AuthURL. // It will create a [Session] with an OAuth2.0 authorization request as AuthURL.
func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...any) (idp.Session, error) { func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...any) (idp.Session, error) {
url := rp.AuthURL(state, p.RelyingParty) url := rp.AuthURL(state, p.RelyingParty, rp.WithPrompt(oidc.PromptSelectAccount))
return &Session{AuthURL: url, Provider: p}, nil return &Session{AuthURL: url, Provider: p}, nil
} }
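Review bot: `BeginAuth` now puts `prompt=select_account` on every authorization request of the generic OAuth2 provider, but `prompt` is an OpenID Connect parameter and this provider is also used against plain OAuth 2.0 servers (the GitHub expectation in this same commit is one); a server that ignores unknown query parameters is unaffected, but a strict one may reject the request, so this should be confirmed per configured provider rather than assumed. The `_ ...any` options are still discarded, so a caller has no way to opt out of or override the prompt for such a provider. The doc comment should at least state the behavior, e.g. `// The request always carries prompt=select_account so the IdP lets the user pick an account instead of silently reusing an existing session; providers that do not implement the OIDC prompt parameter may ignore or reject it.`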


@ -38,7 +38,7 @@ func TestProvider_BeginAuth(t *testing.T) {
Scopes: []string{"user"}, Scopes: []string{"user"},
}, },
}, },
want: &Session{AuthURL: "https://oauth2.com/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=user&state=testState"}, want: &Session{AuthURL: "https://oauth2.com/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=user&state=testState"},
}, },
} }
for _, tt := range tests { for _, tt := range tests {


@ -105,7 +105,7 @@ func (p *Provider) Name() string {
// BeginAuth implements the [idp.Provider] interface. // BeginAuth implements the [idp.Provider] interface.
// It will create a [Session] with an OIDC authorization request as AuthURL. // It will create a [Session] with an OIDC authorization request as AuthURL.
func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...any) (idp.Session, error) { func (p *Provider) BeginAuth(ctx context.Context, state string, _ ...any) (idp.Session, error) {
url := rp.AuthURL(state, p.RelyingParty) url := rp.AuthURL(state, p.RelyingParty, rp.WithPrompt(oidc.PromptSelectAccount))
return &Session{AuthURL: url, Provider: p}, nil return &Session{AuthURL: url, Provider: p}, nil
} }
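Review bot: `select_account` only asks the IdP to show an account chooser; it does not require the user to re-authenticate, so if the motivation (the commit message gives none) is to stop an already-established IdP session from being silently linked to the wrong ZITADEL user, `oidc.PromptLogin` is the value that forces fresh credentials, and `select_account` alone is a UX measure rather than a security one. The prompt is also hard-coded and the variadic options are ignored, so it cannot be tuned per IdP. The doc comment should record the choice, e.g. `// prompt=select_account makes the IdP offer an account chooser rather than transparently reusing its current session; it does not force re-authentication (use PromptLogin for that).`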


@ -51,7 +51,7 @@ func TestProvider_BeginAuth(t *testing.T) {
}) })
}, },
}, },
want: &Session{AuthURL: "https://issuer.com/authorize?client_id=clientID&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState"}, want: &Session{AuthURL: "https://issuer.com/authorize?client_id=clientID&prompt=select_account&redirect_uri=redirectURI&response_type=code&scope=openid&state=testState"},
}, },
} }
for _, tt := range tests { for _, tt := range tests {