userinfo from events for v2 tokens

2025-10-25 10:50:52 +00:00 · 2023-11-02 17:27:30 +02:00
parent 85e22c1521
commit 9f7f715259
7 changed files with 485 additions and 79 deletions
--- a/internal/api/oidc/userinfo.go
+++ b/internal/api/oidc/userinfo.go
@@ -0,0 +1,88 @@
+package oidc
+
+import (
+	"strings"
+
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func userinfoToOIDC(user *query.OIDCUserinfo, scopes []string) *oidc.UserInfo {
+	out := new(oidc.UserInfo)
+	for _, scope := range scopes {
+		switch scope {
+		case oidc.ScopeOpenID:
+			out.Subject = user.ID
+		case oidc.ScopeEmail:
+			out.UserInfoEmail = userInfoEmailToOIDC(user)
+		case oidc.ScopeProfile:
+			out.UserInfoProfile = userInfoProfileToOidc(user)
+		case oidc.ScopePhone:
+			out.UserInfoPhone = userInfoPhoneToOIDC(user)
+		case oidc.ScopeAddress:
+			out.Address = userInfoAddressToOIDC(user)
+		case ScopeUserMetaData:
+			if len(user.Metadata) > 0 {
+				out.AppendClaims(ClaimUserMetaData, user.Metadata)
+			}
+		case ScopeResourceOwner:
+			setUserInfoOrgClaims(user, out)
+		default:
+			if strings.HasPrefix(scope, domain.OrgDomainPrimaryScope) {
+				out.AppendClaims(domain.OrgDomainPrimaryClaim, strings.TrimPrefix(scope, domain.OrgDomainPrimaryScope))
+			}
+			if strings.HasPrefix(scope, domain.OrgIDScope) {
+				out.AppendClaims(domain.OrgIDClaim, strings.TrimPrefix(scope, domain.OrgIDScope))
+				setUserInfoOrgClaims(user, out)
+			}
+		}
+	}
+
+	return out
+}
+
+func userInfoEmailToOIDC(user *query.OIDCUserinfo) oidc.UserInfoEmail {
+	return oidc.UserInfoEmail{
+		Email:         string(user.Email),
+		EmailVerified: oidc.Bool(user.IsEmailVerified),
+	}
+}
+
+func userInfoProfileToOidc(user *query.OIDCUserinfo) oidc.UserInfoProfile {
+	return oidc.UserInfoProfile{
+		Name:       user.Name,
+		GivenName:  user.FirstName,
+		FamilyName: user.LastName,
+		Nickname:   user.NickName,
+		// Picture:    domain.AvatarURL(o.assetAPIPrefix(ctx), user.ResourceOwner, user.Human.AvatarKey),
+		Gender:    getGender(user.Gender),
+		Locale:    oidc.NewLocale(user.PreferredLanguage),
+		UpdatedAt: oidc.FromTime(user.UpdatedAt),
+		// PreferredUsername: user.PreferredLoginName,
+	}
+}
+
+func userInfoPhoneToOIDC(user *query.OIDCUserinfo) oidc.UserInfoPhone {
+	return oidc.UserInfoPhone{
+		PhoneNumber:         string(user.Phone),
+		PhoneNumberVerified: user.IsPhoneVerified,
+	}
+}
+
+func userInfoAddressToOIDC(user *query.OIDCUserinfo) *oidc.UserInfoAddress {
+	return &oidc.UserInfoAddress{
+		// Formatted: ??,
+		StreetAddress: user.StreetAddress,
+		Locality:      user.Locality,
+		Region:        user.Region,
+		PostalCode:    user.PostalCode,
+		Country:       user.Country,
+	}
+}
+
+func setUserInfoOrgClaims(user *query.OIDCUserinfo, out *oidc.UserInfo) {
+	out.AppendClaims(ClaimResourceOwner+"id", user.OrgID)
+	out.AppendClaims(ClaimResourceOwner+"name", user.OrgName)
+	out.AppendClaims(ClaimResourceOwner+"primary_domain", user.OrgPrimaryDomain)
+}