fix: provide domain in session, passkey and u2f (#6097)

This fix makes it possible to pass a domain on the session, which
will be used (as rpID) to create a passkey / u2f assertion and
attestation. This is useful in cases where the login UI is served under
a different domain / origin than the ZITADEL API.
Livio Spring
2023-06-27 14:36:07 +02:00
committed by GitHub
parent d0cda1b479
commit bd5defa96a
32 changed files with 287 additions and 123 deletions


@@ -39,6 +39,7 @@ func NewHumanPasswordlessAddedEvent(
aggregate *eventstore.Aggregate,
webAuthNTokenID,
challenge string,
rpID string,
) *HumanPasswordlessAddedEvent {
return &HumanPasswordlessAddedEvent{
HumanWebAuthNAddedEvent: *NewHumanWebAuthNAddedEvent(
@@ -49,6 +50,7 @@ func NewHumanPasswordlessAddedEvent(
),
webAuthNTokenID,
challenge,
rpID,
),
}
}
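Review bot: `rpID` is added to NewHumanPasswordlessAddedEvent as a third consecutive `string` parameter after `webAuthNTokenID` and `challenge`, so a call site that passes the values in the wrong order still compiles, and the wrong value would be persisted as the relying party ID. The same signature shape is repeated in NewHumanU2FAddedEvent and NewHumanWebAuthNAddedEvent later in this commit. At minimum each constructor should document the argument, for example `// rpID is the WebAuthn relying party ID (a domain, not an origin or URL) the challenge was issued for.`; the parameter list can also be written `challenge, rpID string`. Both hunks cut through the function, so the leading arguments are outside this view.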


@@ -28,6 +28,7 @@ func NewHumanU2FAddedEvent(
aggregate *eventstore.Aggregate,
webAuthNTokenID,
challenge string,
rpID string,
) *HumanU2FAddedEvent {
return &HumanU2FAddedEvent{
HumanWebAuthNAddedEvent: *NewHumanWebAuthNAddedEvent(
@@ -38,6 +39,7 @@ func NewHumanU2FAddedEvent(
),
webAuthNTokenID,
challenge,
rpID,
),
}
}


@@ -14,6 +14,7 @@ type HumanWebAuthNAddedEvent struct {
WebAuthNTokenID string `json:"webAuthNTokenId"`
Challenge string `json:"challenge"`
RPID string `json:"rpID,omitempty"`
}
func (e *HumanWebAuthNAddedEvent) Data() interface{} {
@@ -28,11 +29,13 @@ func NewHumanWebAuthNAddedEvent(
base *eventstore.BaseEvent,
webAuthNTokenID,
challenge string,
rpID string,
) *HumanWebAuthNAddedEvent {
return &HumanWebAuthNAddedEvent{
BaseEvent: *base,
WebAuthNTokenID: webAuthNTokenID,
Challenge: challenge,
RPID: rpID,
}
}
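Review bot: The new `RPID` field is tagged `omitempty` and has no comment, so events stored before this commit decode to an empty `RPID`, and nothing here tells a reader what an empty value means. Whatever later verifies the attestation or assertion should fall back explicitly to the instance's configured domain, not compare against an empty relying party ID. A field comment such as `// RPID is the WebAuthn relying party ID the credential was created for; empty on events written before this field existed.` would make that contract visible. NewHumanWebAuthNAddedEvent also stores `rpID` exactly as passed in. Since the description says the value comes from a domain supplied on the session, it should be checked against the instance's trusted domains before the event is created. That check, if it exists, is in files not shown on this page.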