fix(oidc apps): correctly remove last additional origin, redirect uri and post logout redirect uri (#9209)

# Which Problems Are Solved

A customer reached out to support, that the (last) `additional origin`
could not be removed. While testing / implementation it was discovered,
that the same applied to `redirect_uris` and `post_logout_redirect_uris`

# How the Problems Are Solved

- Correctly set the corresponding array to empty in the event so it can
be differentiated to `null` / not set in case of no change.

# Additional Changes

Replaced `reflect.DeepEqual` with `slices.Equal`

# Additional Context

- Reported to support

internal/command/project_application_oidc_model.go

@@ -2,7 +2,7 @@ package command
 
 import (
 	"context"
-	"reflect"
+	"slices"
 	"time"
 
 	"github.com/zitadel/zitadel/internal/crypto"
@@ -276,13 +276,13 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	changes := make([]project.OIDCConfigChanges, 0)
 	var err error
 
-	if !reflect.DeepEqual(wm.RedirectUris, redirectURIS) {
+	if !slices.Equal(wm.RedirectUris, redirectURIS) {
 		changes = append(changes, project.ChangeRedirectURIs(redirectURIS))
 	}
-	if !reflect.DeepEqual(wm.ResponseTypes, responseTypes) {
+	if !slices.Equal(wm.ResponseTypes, responseTypes) {
 		changes = append(changes, project.ChangeResponseTypes(responseTypes))
 	}
-	if !reflect.DeepEqual(wm.GrantTypes, grantTypes) {
+	if !slices.Equal(wm.GrantTypes, grantTypes) {
 		changes = append(changes, project.ChangeGrantTypes(grantTypes))
 	}
 	if wm.ApplicationType != appType {
@@ -291,7 +291,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	if wm.AuthMethodType != authMethodType {
 		changes = append(changes, project.ChangeAuthMethodType(authMethodType))
 	}
-	if !reflect.DeepEqual(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
+	if !slices.Equal(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
 		changes = append(changes, project.ChangePostLogoutRedirectURIs(postLogoutRedirectURIs))
 	}
 	if wm.OIDCVersion != oidcVersion {
@@ -315,7 +315,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 	if wm.ClockSkew != clockSkew {
 		changes = append(changes, project.ChangeClockSkew(clockSkew))
 	}
-	if !reflect.DeepEqual(wm.AdditionalOrigins, additionalOrigins) {
+	if !slices.Equal(wm.AdditionalOrigins, additionalOrigins) {
 		changes = append(changes, project.ChangeAdditionalOrigins(additionalOrigins))
 	}
 	if wm.SkipNativeAppSuccessPage != skipNativeAppSuccessPage {

internal/repository/project/oidc_config.go

@@ -284,6 +284,10 @@ func ChangeVersion(version domain.OIDCVersion) func(event *OIDCConfigChangedEven
 
 func ChangeRedirectURIs(uris []string) func(event *OIDCConfigChangedEvent) {
 	return func(e *OIDCConfigChangedEvent) {
+		if uris == nil {
+			// explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+			uris = make([]string, 0)
+		}
 		e.RedirectUris = &uris
 	}
 }
@@ -314,6 +318,10 @@ func ChangeAuthMethodType(authMethodType domain.OIDCAuthMethodType) func(event *
 
 func ChangePostLogoutRedirectURIs(logoutRedirects []string) func(event *OIDCConfigChangedEvent) {
 	return func(e *OIDCConfigChangedEvent) {
+		if logoutRedirects == nil {
+			// explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+			logoutRedirects = make([]string, 0)
+		}
 		e.PostLogoutRedirectUris = &logoutRedirects
 	}
 }
@@ -356,6 +364,10 @@ func ChangeClockSkew(clockSkew time.Duration) func(event *OIDCConfigChangedEvent
 
 func ChangeAdditionalOrigins(additionalOrigins []string) func(event *OIDCConfigChangedEvent) {
 	return func(e *OIDCConfigChangedEvent) {
+		if additionalOrigins == nil {
+			// explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+			additionalOrigins = make([]string, 0)
+		}
 		e.AdditionalOrigins = &additionalOrigins
 	}
 }