feat: jwt as idp (#2363)

* feat: jwt idp * feat: command side * feat: add tests * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * merge * handle jwt idp * cleanup * fixes * autoregister * get token from specific header name * error handling * fix texts * handle renderExternalNotFoundOption Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-12 00:17:32 +00:00 · 2021-09-14 15:15:01 +02:00
parent 4e1d42259c
commit b6b5b1b782
54 changed files with 2575 additions and 71 deletions
--- a/internal/command/org_idp_jwt_config_model.go
+++ b/internal/command/org_idp_jwt_config_model.go
@@ -0,0 +1,115 @@
+package command
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+	"github.com/caos/zitadel/internal/repository/org"
+)
+
+type IDPJWTConfigWriteModel struct {
+	JWTConfigWriteModel
+}
+
+func NewOrgIDPJWTConfigWriteModel(idpConfigID, orgID string) *IDPJWTConfigWriteModel {
+	return &IDPJWTConfigWriteModel{
+		JWTConfigWriteModel{
+			WriteModel: eventstore.WriteModel{
+				AggregateID:   orgID,
+				ResourceOwner: orgID,
+			},
+			IDPConfigID: idpConfigID,
+		},
+	}
+}
+
+func (wm *IDPJWTConfigWriteModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.IDPJWTConfigAddedEvent:
+			if wm.IDPConfigID != e.IDPConfigID {
+				continue
+			}
+			wm.JWTConfigWriteModel.AppendEvents(&e.JWTConfigAddedEvent)
+		case *org.IDPJWTConfigChangedEvent:
+			if wm.IDPConfigID != e.IDPConfigID {
+				continue
+			}
+			wm.JWTConfigWriteModel.AppendEvents(&e.JWTConfigChangedEvent)
+		case *org.IDPConfigReactivatedEvent:
+			if wm.IDPConfigID != e.ConfigID {
+				continue
+			}
+			wm.JWTConfigWriteModel.AppendEvents(&e.IDPConfigReactivatedEvent)
+		case *org.IDPConfigDeactivatedEvent:
+			if wm.IDPConfigID != e.ConfigID {
+				continue
+			}
+			wm.JWTConfigWriteModel.AppendEvents(&e.IDPConfigDeactivatedEvent)
+		case *org.IDPConfigRemovedEvent:
+			if wm.IDPConfigID != e.ConfigID {
+				continue
+			}
+			wm.JWTConfigWriteModel.AppendEvents(&e.IDPConfigRemovedEvent)
+		default:
+			wm.JWTConfigWriteModel.AppendEvents(e)
+		}
+	}
+}
+
+func (wm *IDPJWTConfigWriteModel) Reduce() error {
+	if err := wm.JWTConfigWriteModel.Reduce(); err != nil {
+		return err
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *IDPJWTConfigWriteModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		ResourceOwner(wm.ResourceOwner).
+		AddQuery().
+		AggregateTypes(org.AggregateType).
+		AggregateIDs(wm.AggregateID).
+		EventTypes(
+			org.IDPJWTConfigAddedEventType,
+			org.IDPJWTConfigChangedEventType,
+			org.IDPConfigReactivatedEventType,
+			org.IDPConfigDeactivatedEventType,
+			org.IDPConfigRemovedEventType).
+		Builder()
+}
+
+func (wm *IDPJWTConfigWriteModel) NewChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID,
+	jwtEndpoint,
+	issuer,
+	keysEndpoint,
+	headerName string,
+) (*org.IDPJWTConfigChangedEvent, bool, error) {
+
+	changes := make([]idpconfig.JWTConfigChanges, 0)
+	if wm.JWTEndpoint != jwtEndpoint {
+		changes = append(changes, idpconfig.ChangeJWTEndpoint(jwtEndpoint))
+	}
+	if wm.Issuer != issuer {
+		changes = append(changes, idpconfig.ChangeJWTIssuer(issuer))
+	}
+	if wm.KeysEndpoint != keysEndpoint {
+		changes = append(changes, idpconfig.ChangeKeysEndpoint(keysEndpoint))
+	}
+	if wm.HeaderName != headerName {
+		changes = append(changes, idpconfig.ChangeHeaderName(headerName))
+	}
+	if len(changes) == 0 {
+		return nil, false, nil
+	}
+	changeEvent, err := org.NewIDPJWTConfigChangedEvent(ctx, aggregate, idpConfigID, changes)
+	if err != nil {
+		return nil, false, err
+	}
+	return changeEvent, true, nil
+}