From a4e08b5419e136774310e5f6405a7a1f1f352b31 Mon Sep 17 00:00:00 2001
From: Max Peintner <peintnerm@gmail.com>
Date: Tue, 6 May 2025 14:41:44 +0200
Subject: [PATCH] i18n

---
 apps/login/locales/de.json                    |  1 +
 apps/login/locales/en.json                    |  7 +-
 apps/login/locales/es.json                    |  1 +
 apps/login/locales/it.json                    |  1 +
 apps/login/locales/pl.json                    |  1 +
 apps/login/locales/ru.json                    |  1 +
 apps/login/locales/zh.json                    |  1 +
 .../src/app/(login)/device/consent/page.tsx   |  5 +-
 apps/login/src/app/(login)/signedin/page.tsx  | 80 +------------------
 apps/login/src/components/consent.tsx         |  8 +-
 apps/login/src/lib/client.ts                  |  9 ++-
 11 files changed, 23 insertions(+), 92 deletions(-)

diff --git a/apps/login/locales/de.json b/apps/login/locales/de.json
index befd14e7be..452620c697 100644
--- a/apps/login/locales/de.json
+++ b/apps/login/locales/de.json
@@ -200,6 +200,7 @@
       "deny": "Ablehnen"
     },
     "scope": {
+      "openid": "Überprüfen Sie Ihre Identität.",
       "email": "Zugriff auf Ihre E-Mail-Adresse.",
       "profile": "Zugriff auf Ihre vollständigen Profilinformationen.",
       "offline_access": "Erlauben Sie den Offline-Zugriff auf Ihr Konto."
diff --git a/apps/login/locales/en.json b/apps/login/locales/en.json
index 7aecf0294b..27b0880615 100644
--- a/apps/login/locales/en.json
+++ b/apps/login/locales/en.json
@@ -190,7 +190,7 @@
   "device": {
     "usercode": {
       "title": "Device code",
-      "description": "Enter the code.",
+      "description": "Enter the code displayed on your app or device.",
       "submit": "Continue"
     },
     "request": {
@@ -200,8 +200,9 @@
       "deny": "Deny"
     },
     "scope": {
-      "email": "Access your email address.",
-      "profile": "Access your full profile information.",
+      "openid": "Verify your identity.",
+      "email": "Access to your email address.",
+      "profile": "Access to your full profile information.",
       "offline_access": "Allow offline access to your account."
     }
   },
diff --git a/apps/login/locales/es.json b/apps/login/locales/es.json
index 450aadd867..e27ef1c25d 100644
--- a/apps/login/locales/es.json
+++ b/apps/login/locales/es.json
@@ -200,6 +200,7 @@
       "deny": "Denegar"
     },
     "scope": {
+      "openid": "Verifica tu identidad.",
       "email": "Accede a tu dirección de correo electrónico.",
       "profile": "Accede a la información completa de tu perfil.",
       "offline_access": "Permitir acceso sin conexión a tu cuenta."
diff --git a/apps/login/locales/it.json b/apps/login/locales/it.json
index 558ac51a23..1c7a4d495d 100644
--- a/apps/login/locales/it.json
+++ b/apps/login/locales/it.json
@@ -200,6 +200,7 @@
       "deny": "Nega"
     },
     "scope": {
+      "openid": "Verifica la tua identità.",
       "email": "Accedi al tuo indirizzo email.",
       "profile": "Accedi alle informazioni complete del tuo profilo.",
       "offline_access": "Consenti l'accesso offline al tuo account."
diff --git a/apps/login/locales/pl.json b/apps/login/locales/pl.json
index 49683303db..a82efd9807 100644
--- a/apps/login/locales/pl.json
+++ b/apps/login/locales/pl.json
@@ -200,6 +200,7 @@
       "deny": "Odmów"
     },
     "scope": {
+      "openid": "Zweryfikuj swoją tożsamość.",
       "email": "Uzyskaj dostęp do swojego adresu e-mail.",
       "profile": "Uzyskaj dostęp do pełnych informacji o swoim profilu.",
       "offline_access": "Zezwól na dostęp offline do swojego konta."
diff --git a/apps/login/locales/ru.json b/apps/login/locales/ru.json
index 149bea5a88..f3ac0dfa43 100644
--- a/apps/login/locales/ru.json
+++ b/apps/login/locales/ru.json
@@ -200,6 +200,7 @@
       "deny": "Запретить"
     },
     "scope": {
+      "openid": "Проверка вашей личности.",
       "email": "Доступ к вашему адресу электронной почты.",
       "profile": "Доступ к полной информации вашего профиля.",
       "offline_access": "Разрешить офлайн-доступ к вашему аккаунту."
diff --git a/apps/login/locales/zh.json b/apps/login/locales/zh.json
index 13a91ac77e..72c4bc4735 100644
--- a/apps/login/locales/zh.json
+++ b/apps/login/locales/zh.json
@@ -200,6 +200,7 @@
       "deny": "拒绝"
     },
     "scope": {
+      "openid": "验证您的身份。",
       "email": "访问您的电子邮件地址。",
       "profile": "访问您的完整个人资料信息。",
       "offline_access": "允许离线访问您的账户。"
diff --git a/apps/login/src/app/(login)/device/consent/page.tsx b/apps/login/src/app/(login)/device/consent/page.tsx
index c190451d48..64754d5ab8 100644
--- a/apps/login/src/app/(login)/device/consent/page.tsx
+++ b/apps/login/src/app/(login)/device/consent/page.tsx
@@ -63,10 +63,7 @@ export default async function Page(props: {
   }
 
   return (
-    <DynamicTheme
-      branding={branding}
-      appName={deviceAuthorizationRequest?.appName}
-    >
+    <DynamicTheme branding={branding}>
       <div className="flex flex-col items-center space-y-4">
         <h1>
           {t("request.title", { appName: deviceAuthorizationRequest?.appName })}
diff --git a/apps/login/src/app/(login)/signedin/page.tsx b/apps/login/src/app/(login)/signedin/page.tsx
index 4fbaf9b937..09c96b56d4 100644
--- a/apps/login/src/app/(login)/signedin/page.tsx
+++ b/apps/login/src/app/(login)/signedin/page.tsx
@@ -2,95 +2,17 @@ import { Alert, AlertType } from "@/components/alert";
 import { Button, ButtonVariants } from "@/components/button";
 import { DynamicTheme } from "@/components/dynamic-theme";
 import { UserAvatar } from "@/components/user-avatar";
-import {
-  getMostRecentCookieWithLoginname,
-  getSessionCookieById,
-} from "@/lib/cookies";
+import { getSessionCookieById } from "@/lib/cookies";
 import { getServiceUrlFromHeaders } from "@/lib/service";
 import { loadMostRecentSession } from "@/lib/session";
 import {
-  authorizeOrDenyDeviceAuthorization,
-  createCallback,
-  createResponse,
   getBrandingSettings,
   getLoginSettings,
   getSession,
 } from "@/lib/zitadel";
-import { create } from "@zitadel/client";
-import {
-  CreateCallbackRequestSchema,
-  SessionSchema,
-} from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb";
-import { CreateResponseRequestSchema } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb";
 import { getLocale, getTranslations } from "next-intl/server";
 import { headers } from "next/headers";
 import Link from "next/link";
-import { redirect } from "next/navigation";
-
-async function loadSession(
-  serviceUrl: string,
-  loginName: string,
-  requestId?: string,
-) {
-  const recent = await getMostRecentCookieWithLoginname({ loginName });
-
-  if (requestId && requestId.startsWith("oidc_")) {
-    return createCallback({
-      serviceUrl,
-      req: create(CreateCallbackRequestSchema, {
-        authRequestId: requestId,
-        callbackKind: {
-          case: "session",
-          value: create(SessionSchema, {
-            sessionId: recent.id,
-            sessionToken: recent.token,
-          }),
-        },
-      }),
-    }).then(({ callbackUrl }) => {
-      return redirect(callbackUrl);
-    });
-  } else if (requestId && requestId.startsWith("saml_")) {
-    return createResponse({
-      serviceUrl,
-      req: create(CreateResponseRequestSchema, {
-        samlRequestId: requestId.replace("saml_", ""),
-        responseKind: {
-          case: "session",
-          value: {
-            sessionId: recent.id,
-            sessionToken: recent.token,
-          },
-        },
-      }),
-    }).then(({ url }) => {
-      return redirect(url);
-    });
-  } else if (requestId && requestId.startsWith("device_")) {
-    const session = {
-      sessionId: recent.id,
-      sessionToken: recent.token,
-    };
-
-    return authorizeOrDenyDeviceAuthorization({
-      serviceUrl,
-      deviceAuthorizationId: requestId.replace("device_", ""),
-      session,
-    }).then(() => {
-      return session;
-    });
-  }
-
-  return getSession({
-    serviceUrl,
-    sessionId: recent.id,
-    sessionToken: recent.token,
-  }).then((response) => {
-    if (response?.session) {
-      return response.session;
-    }
-  });
-}
 
 async function loadSessionById(
   serviceUrl: string,
diff --git a/apps/login/src/components/consent.tsx b/apps/login/src/components/consent.tsx
index 82266a71dc..15b106e62e 100644
--- a/apps/login/src/components/consent.tsx
+++ b/apps/login/src/components/consent.tsx
@@ -1,3 +1,5 @@
+"use client";
+
 import { denyDeviceAuthorization } from "@/lib/server/oidc";
 import { useTranslations } from "next-intl";
 import Link from "next/link";
@@ -32,11 +34,9 @@ export function ConsentScreen({
         setLoading(false);
       });
 
-    if (response && "redirect" in response && response.redirect) {
+    if (response) {
       return router.push("/device");
     }
-
-    return response;
   }
 
   return (
@@ -77,7 +77,7 @@ export function ConsentScreen({
           onClick={() => {
             denyDeviceAuth();
           }}
-          variant={ButtonVariants.Destructive}
+          variant={ButtonVariants.Secondary}
           data-testid="deny-button"
         >
           {loading && <Spinner className="h-5 w-5 mr-2" />}
diff --git a/apps/login/src/lib/client.ts b/apps/login/src/lib/client.ts
index df04986ccc..a59af90b77 100644
--- a/apps/login/src/lib/client.ts
+++ b/apps/login/src/lib/client.ts
@@ -7,8 +7,8 @@ type FinishFlowCommand =
 
 function goToSignedInPage(
   props:
-    | { sessionId: string; organization?: string }
-    | { organization?: string; loginName: string },
+    | { sessionId: string; organization?: string; requestId?: string }
+    | { organization?: string; loginName: string; requestId?: string },
 ) {
   const params = new URLSearchParams({});
 
@@ -24,6 +24,11 @@ function goToSignedInPage(
     params.append("organization", props.organization);
   }
 
+  // required to show conditional UI for device flow
+  if (props.requestId) {
+    params.append("requestId", props.requestId);
+  }
+
   return `/signedin?` + params;
 }