fix(scim): add type attribute to ScimEmail (#9690)

# Which Problems Are Solved - SCIM PATCH operations for users from Entra ID for the `emails` attribute fails due to missing `type` subattribute # How the Problems Are Solved - Adds the `type` attribute to the `ScimUser` struct and sets the default value to `"work"` in the `mapWriteModelToScimUser()` method. # Additional Changes # Additional Context The SCIM handlers for POST and PUT ignore multiple emails and only uses the primary email for a given user, or falls back to the first email if none are marked as primary. PATCH operations however, will attempt to resolve the provided filter in `operations[].path`. Some services, such as Entra ID, only support patching emails by filtering for `emails[type eq "(work|home|other)"].value`, which fails with Zitadel as the ScimUser struct (and thus the generated schema) doesn't include the `type` field. This commit adds the `type` field to work around this issue, while still preserving compatibility with filters such as `emails[primary eq true].value`. - https://discord.com/channels/927474939156643850/927866013545025566/1356556668527448191 --------- Co-authored-by: Christer Edvartsen <christer.edvartsen@nav.no> Co-authored-by: Thomas Siegfried Krampl <thomas.siegfried.krampl@nav.no> (cherry picked from commit 3a4298c179)
2025-12-06 19:36:41 +00:00 · 2025-06-19 11:42:44 +02:00
parent 056399bdb4
commit c2c49679cb
12 changed files with 135 additions and 2 deletions
--- a/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json
+++ b/internal/api/scim/integration_test/testdata/service_provider_config_expected_schemas.json
@@ -233,6 +233,17 @@
              "mutability": "readWrite",
              "returned": "always",
              "uniqueness": "none"
+            },
+            {
+              "name": "type",
+              "description": "For details see RFC7643",
+              "type": "string",
+              "multiValued": false,
+              "required": false,
+              "caseExact": true,
+              "mutability": "readWrite",
+              "returned": "always",
+              "uniqueness": "none"
            }
          ],
          "multiValued": true,
--- a/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json
+++ b/internal/api/scim/integration_test/testdata/service_provider_config_expected_user_schema.json
@@ -225,6 +225,17 @@
          "mutability": "readWrite",
          "returned": "always",
          "uniqueness": "none"
+        },
+        {
+          "name": "type",
+          "description": "For details see RFC7643",
+          "type": "string",
+          "multiValued": false,
+          "required": false,
+          "caseExact": true,
+          "mutability": "readWrite",
+          "returned": "always",
+          "uniqueness": "none"
        }
      ],
      "multiValued": true,
--- a/internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json
+++ b/internal/api/scim/integration_test/testdata/users_replace_test_minimal_with_email_type.json
@@ -0,0 +1,17 @@
+{
+  "schemas": [
+    "urn:ietf:params:scim:schemas:core:2.0:User"
+  ],
+  "userName": "acmeUser1-minimal-replaced",
+  "name": {
+    "familyName": "Ross-replaced",
+    "givenName": "Bethany-replaced"
+  },
+  "emails": [
+    {
+      "value": "user1-minimal-replaced@example.com",
+      "primary": true,
+      "type": "work"
+    }
+  ]
+}