fix: provide domain in session, passkey and u2f (#6097)

This fix provides a possibility to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.

internal/query/sessions_test.go

@@ -17,45 +17,47 @@ import (
 )
 
 var (
-	expectedSessionQuery = regexp.QuoteMeta(`SELECT projections.sessions2.id,` +
-		` projections.sessions2.creation_date,` +
-		` projections.sessions2.change_date,` +
-		` projections.sessions2.sequence,` +
-		` projections.sessions2.state,` +
-		` projections.sessions2.resource_owner,` +
-		` projections.sessions2.creator,` +
-		` projections.sessions2.user_id,` +
-		` projections.sessions2.user_checked_at,` +
+	expectedSessionQuery = regexp.QuoteMeta(`SELECT projections.sessions3.id,` +
+		` projections.sessions3.creation_date,` +
+		` projections.sessions3.change_date,` +
+		` projections.sessions3.sequence,` +
+		` projections.sessions3.state,` +
+		` projections.sessions3.resource_owner,` +
+		` projections.sessions3.creator,` +
+		` projections.sessions3.domain,` +
+		` projections.sessions3.user_id,` +
+		` projections.sessions3.user_checked_at,` +
 		` projections.login_names2.login_name,` +
 		` projections.users8_humans.display_name,` +
-		` projections.sessions2.password_checked_at,` +
-		` projections.sessions2.intent_checked_at,` +
-		` projections.sessions2.passkey_checked_at,` +
-		` projections.sessions2.metadata,` +
-		` projections.sessions2.token_id` +
-		` FROM projections.sessions2` +
-		` LEFT JOIN projections.login_names2 ON projections.sessions2.user_id = projections.login_names2.user_id AND projections.sessions2.instance_id = projections.login_names2.instance_id` +
-		` LEFT JOIN projections.users8_humans ON projections.sessions2.user_id = projections.users8_humans.user_id AND projections.sessions2.instance_id = projections.users8_humans.instance_id` +
+		` projections.sessions3.password_checked_at,` +
+		` projections.sessions3.intent_checked_at,` +
+		` projections.sessions3.passkey_checked_at,` +
+		` projections.sessions3.metadata,` +
+		` projections.sessions3.token_id` +
+		` FROM projections.sessions3` +
+		` LEFT JOIN projections.login_names2 ON projections.sessions3.user_id = projections.login_names2.user_id AND projections.sessions3.instance_id = projections.login_names2.instance_id` +
+		` LEFT JOIN projections.users8_humans ON projections.sessions3.user_id = projections.users8_humans.user_id AND projections.sessions3.instance_id = projections.users8_humans.instance_id` +
 		` AS OF SYSTEM TIME '-1 ms'`)
-	expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions2.id,` +
-		` projections.sessions2.creation_date,` +
-		` projections.sessions2.change_date,` +
-		` projections.sessions2.sequence,` +
-		` projections.sessions2.state,` +
-		` projections.sessions2.resource_owner,` +
-		` projections.sessions2.creator,` +
-		` projections.sessions2.user_id,` +
-		` projections.sessions2.user_checked_at,` +
+	expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions3.id,` +
+		` projections.sessions3.creation_date,` +
+		` projections.sessions3.change_date,` +
+		` projections.sessions3.sequence,` +
+		` projections.sessions3.state,` +
+		` projections.sessions3.resource_owner,` +
+		` projections.sessions3.creator,` +
+		` projections.sessions3.domain,` +
+		` projections.sessions3.user_id,` +
+		` projections.sessions3.user_checked_at,` +
 		` projections.login_names2.login_name,` +
 		` projections.users8_humans.display_name,` +
-		` projections.sessions2.password_checked_at,` +
-		` projections.sessions2.intent_checked_at,` +
-		` projections.sessions2.passkey_checked_at,` +
-		` projections.sessions2.metadata,` +
+		` projections.sessions3.password_checked_at,` +
+		` projections.sessions3.intent_checked_at,` +
+		` projections.sessions3.passkey_checked_at,` +
+		` projections.sessions3.metadata,` +
 		` COUNT(*) OVER ()` +
-		` FROM projections.sessions2` +
-		` LEFT JOIN projections.login_names2 ON projections.sessions2.user_id = projections.login_names2.user_id AND projections.sessions2.instance_id = projections.login_names2.instance_id` +
-		` LEFT JOIN projections.users8_humans ON projections.sessions2.user_id = projections.users8_humans.user_id AND projections.sessions2.instance_id = projections.users8_humans.instance_id` +
+		` FROM projections.sessions3` +
+		` LEFT JOIN projections.login_names2 ON projections.sessions3.user_id = projections.login_names2.user_id AND projections.sessions3.instance_id = projections.login_names2.instance_id` +
+		` LEFT JOIN projections.users8_humans ON projections.sessions3.user_id = projections.users8_humans.user_id AND projections.sessions3.instance_id = projections.users8_humans.instance_id` +
 		` AS OF SYSTEM TIME '-1 ms'`)
 
 	sessionCols = []string{
@@ -66,6 +68,7 @@ var (
 		"state",
 		"resource_owner",
 		"creator",
+		"domain",
 		"user_id",
 		"user_checked_at",
 		"login_name",
@@ -85,6 +88,7 @@ var (
 		"state",
 		"resource_owner",
 		"creator",
+		"domain",
 		"user_id",
 		"user_checked_at",
 		"login_name",
@@ -136,6 +140,7 @@ func Test_SessionsPrepare(t *testing.T) {
 							domain.SessionStateActive,
 							"ro",
 							"creator",
+							"domain",
 							"user-id",
 							testNow,
 							"login-name",
@@ -161,6 +166,7 @@ func Test_SessionsPrepare(t *testing.T) {
 						State:         domain.SessionStateActive,
 						ResourceOwner: "ro",
 						Creator:       "creator",
+						Domain:        "domain",
 						UserFactor: SessionUserFactor{
 							UserID:        "user-id",
 							UserCheckedAt: testNow,
@@ -199,6 +205,7 @@ func Test_SessionsPrepare(t *testing.T) {
 							domain.SessionStateActive,
 							"ro",
 							"creator",
+							"domain",
 							"user-id",
 							testNow,
 							"login-name",
@@ -216,6 +223,7 @@ func Test_SessionsPrepare(t *testing.T) {
 							domain.SessionStateActive,
 							"ro",
 							"creator2",
+							"domain",
 							"user-id2",
 							testNow,
 							"login-name2",
@@ -241,6 +249,7 @@ func Test_SessionsPrepare(t *testing.T) {
 						State:         domain.SessionStateActive,
 						ResourceOwner: "ro",
 						Creator:       "creator",
+						Domain:        "domain",
 						UserFactor: SessionUserFactor{
 							UserID:        "user-id",
 							UserCheckedAt: testNow,
@@ -268,6 +277,7 @@ func Test_SessionsPrepare(t *testing.T) {
 						State:         domain.SessionStateActive,
 						ResourceOwner: "ro",
 						Creator:       "creator2",
+						Domain:        "domain",
 						UserFactor: SessionUserFactor{
 							UserID:        "user-id2",
 							UserCheckedAt: testNow,
@@ -359,6 +369,7 @@ func Test_SessionPrepare(t *testing.T) {
 						domain.SessionStateActive,
 						"ro",
 						"creator",
+						"domain",
 						"user-id",
 						testNow,
 						"login-name",
@@ -379,6 +390,7 @@ func Test_SessionPrepare(t *testing.T) {
 				State:         domain.SessionStateActive,
 				ResourceOwner: "ro",
 				Creator:       "creator",
+				Domain:        "domain",
 				UserFactor: SessionUserFactor{
 					UserID:        "user-id",
 					UserCheckedAt: testNow,