feat: jwt as idp (#2363)

* feat: jwt idp * feat: command side * feat: add tests * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * merge * handle jwt idp * cleanup * fixes * autoregister * get token from specific header name * error handling * fix texts * handle renderExternalNotFoundOption Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-12 05:07:31 +00:00 · 2021-09-14 15:15:01 +02:00
parent 4e1d42259c
commit b6b5b1b782
54 changed files with 2575 additions and 71 deletions
--- a/internal/query/converter.go
+++ b/internal/query/converter.go
@@ -48,6 +48,11 @@ func readModelToIDPConfigView(rm *IAMIDPConfigReadModel) *domain.IDPConfigView {
 		converted.OAuthAuthorizationEndpoint = rm.OIDCConfig.AuthorizationEndpoint
 		converted.OAuthTokenEndpoint = rm.OIDCConfig.TokenEndpoint
 	}
+	if rm.JWTConfig != nil {
+		converted.JWTEndpoint = rm.JWTConfig.JWTEndpoint
+		converted.JWTIssuer = rm.JWTConfig.Issuer
+		converted.JWTKeysEndpoint = rm.JWTConfig.KeysEndpoint
+	}
 	return converted
 }

@@ -138,14 +143,20 @@ func readModelToIDPConfigs(rm *IAMIDPConfigsReadModel) []*model.IDPConfig {
 }

 func readModelToIDPConfig(rm *IAMIDPConfigReadModel) *model.IDPConfig {
-	return &model.IDPConfig{
+	config := &model.IDPConfig{
 		ObjectRoot:  readModelToObjectRoot(rm.ReadModel),
-		OIDCConfig:  readModelToIDPOIDCConfig(rm.OIDCConfig),
 		IDPConfigID: rm.ConfigID,
 		Name:        rm.Name,
 		State:       model.IDPConfigState(rm.State),
 		StylingType: model.IDPStylingType(rm.StylingType),
 	}
+	if rm.OIDCConfig != nil {
+		config.OIDCConfig = readModelToIDPOIDCConfig(rm.OIDCConfig)
+	}
+	if rm.JWTConfig != nil {
+		config.JWTIDPConfig = readModelToIDPJWTConfig(rm.JWTConfig)
+	}
+	return config
 }

 func readModelToIDPOIDCConfig(rm *OIDCConfigReadModel) *model.OIDCIDPConfig {
@@ -162,6 +173,16 @@ func readModelToIDPOIDCConfig(rm *OIDCConfigReadModel) *model.OIDCIDPConfig {
 	}
 }

+func readModelToIDPJWTConfig(rm *JWTConfigReadModel) *model.JWTIDPConfig {
+	return &model.JWTIDPConfig{
+		ObjectRoot:   readModelToObjectRoot(rm.ReadModel),
+		IDPConfigID:  rm.IDPConfigID,
+		JWTEndpoint:  rm.JWTEndpoint,
+		Issuer:       rm.Issuer,
+		KeysEndpoint: rm.KeysEndpoint,
+	}
+}
+
 func readModelToObjectRoot(readModel eventstore.ReadModel) models.ObjectRoot {
 	return models.ObjectRoot{
 		AggregateID:   readModel.AggregateID,
--- a/internal/query/iam_idp_config_model.go
+++ b/internal/query/iam_idp_config_model.go
@@ -36,6 +36,10 @@ func (rm *IAMIDPConfigReadModel) AppendEvents(events ...eventstore.EventReader)
 			rm.IDPConfigReadModel.AppendEvents(&e.OIDCConfigAddedEvent)
 		case *iam.IDPOIDCConfigChangedEvent:
 			rm.IDPConfigReadModel.AppendEvents(&e.OIDCConfigChangedEvent)
+		case *iam.IDPJWTConfigAddedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.JWTConfigAddedEvent)
+		case *iam.IDPJWTConfigChangedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.JWTConfigChangedEvent)
 		}
 	}
 }
--- a/internal/query/idp_config_model.go
+++ b/internal/query/idp_config_model.go
@@ -17,6 +17,7 @@ type IDPConfigReadModel struct {
 	ProviderType domain.IdentityProviderType

 	OIDCConfig *OIDCConfigReadModel
+	JWTConfig  *JWTConfigReadModel
 }

 func NewIDPConfigReadModel(configID string) *IDPConfigReadModel {
@@ -45,6 +46,13 @@ func (rm *IDPConfigReadModel) AppendEvents(events ...eventstore.EventReader) {
 		case *idpconfig.OIDCConfigChangedEvent:
 			rm.ReadModel.AppendEvents(e)
 			rm.OIDCConfig.AppendEvents(event)
+		case *idpconfig.JWTConfigAddedEvent:
+			rm.JWTConfig = &JWTConfigReadModel{}
+			rm.ReadModel.AppendEvents(e)
+			rm.JWTConfig.AppendEvents(event)
+		case *idpconfig.JWTConfigChangedEvent:
+			rm.ReadModel.AppendEvents(e)
+			rm.JWTConfig.AppendEvents(event)
 		}
 	}
 }
@@ -70,6 +78,11 @@ func (rm *IDPConfigReadModel) Reduce() error {
 			return err
 		}
 	}
+	if rm.JWTConfig != nil {
+		if err := rm.JWTConfig.Reduce(); err != nil {
+			return err
+		}
+	}
 	return rm.ReadModel.Reduce()
 }

--- a/internal/query/jwt_config_model.go
+++ b/internal/query/jwt_config_model.go
@@ -0,0 +1,47 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+type JWTConfigReadModel struct {
+	eventstore.ReadModel
+
+	IDPConfigID  string
+	JWTEndpoint  string
+	Issuer       string
+	KeysEndpoint string
+}
+
+func (rm *JWTConfigReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *idpconfig.JWTConfigAddedEvent:
+			rm.reduceConfigAddedEvent(e)
+		case *idpconfig.JWTConfigChangedEvent:
+			rm.reduceConfigChangedEvent(e)
+		}
+	}
+
+	return rm.ReadModel.Reduce()
+}
+
+func (rm *JWTConfigReadModel) reduceConfigAddedEvent(e *idpconfig.JWTConfigAddedEvent) {
+	rm.IDPConfigID = e.IDPConfigID
+	rm.JWTEndpoint = e.JWTEndpoint
+	rm.Issuer = e.Issuer
+	rm.KeysEndpoint = e.KeysEndpoint
+}
+
+func (rm *JWTConfigReadModel) reduceConfigChangedEvent(e *idpconfig.JWTConfigChangedEvent) {
+	if e.JWTEndpoint != nil {
+		rm.JWTEndpoint = *e.JWTEndpoint
+	}
+	if e.Issuer != nil {
+		rm.Issuer = *e.Issuer
+	}
+	if e.KeysEndpoint != nil {
+		rm.KeysEndpoint = *e.KeysEndpoint
+	}
+}