From c9aa5db2a55ef3c4f6fb62292b69b01973b264e7 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Wed, 22 Jan 2025 08:37:37 +0100 Subject: [PATCH] fix(oidc apps): correctly remove last additional origin, redirect uri and post logout redirect uri (#9209) # Which Problems Are Solved A customer reached out to support, that the (last) `additional origin` could not be removed. While testing / implementation it was discovered, that the same applied to `redirect_uris` and `post_logout_redirect_uris` # How the Problems Are Solved - Correctly set the corresponding array to empty in the event so it can be differentiated to `null` / not set in case of no change. # Additional Changes Replaced `reflect.DeepEqual` with `slices.Equal` # Additional Context - Reported to support
---
 internal/command/project_application_oidc_model.go | 12 ++++++------ internal/repository/project/oidc_config.go | 12 ++++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/internal/command/project_application_oidc_model.go b/internal/command/project_application_oidc_model.go
index 9471df3760..3fc07c79a9 100644
--- a/internal/command/project_application_oidc_model.go
+++ b/internal/command/project_application_oidc_model.go
@@ -2,7 +2,7 @@ package command
 import (
 "context"
- "reflect"
+ "slices"
 "time"
 "github.com/zitadel/zitadel/internal/crypto"
@@ -276,13 +276,13 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 changes := make([]project.OIDCConfigChanges, 0)
 var err error
- if !reflect.DeepEqual(wm.RedirectUris, redirectURIS) {
+ if !slices.Equal(wm.RedirectUris, redirectURIS) {
 changes = append(changes, project.ChangeRedirectURIs(redirectURIS))
 }
- if !reflect.DeepEqual(wm.ResponseTypes, responseTypes) {
+ if !slices.Equal(wm.ResponseTypes, responseTypes) {
 changes = append(changes, project.ChangeResponseTypes(responseTypes))
 }
- if !reflect.DeepEqual(wm.GrantTypes, grantTypes) {
+ if !slices.Equal(wm.GrantTypes, grantTypes) {
 changes = append(changes, project.ChangeGrantTypes(grantTypes))
 }
 if wm.ApplicationType != appType {
@@ -291,7 +291,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 if wm.AuthMethodType != authMethodType {
 changes = append(changes, project.ChangeAuthMethodType(authMethodType))
 }
- if !reflect.DeepEqual(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
+ if !slices.Equal(wm.PostLogoutRedirectUris, postLogoutRedirectURIs) {
 changes = append(changes, project.ChangePostLogoutRedirectURIs(postLogoutRedirectURIs))
 }
 if wm.OIDCVersion != oidcVersion {
@@ -315,7 +315,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
 if wm.ClockSkew != clockSkew {
 changes = append(changes, project.ChangeClockSkew(clockSkew))
 }
- if !reflect.DeepEqual(wm.AdditionalOrigins, additionalOrigins) {
+ if !slices.Equal(wm.AdditionalOrigins, additionalOrigins) {
 changes = append(changes, project.ChangeAdditionalOrigins(additionalOrigins))
 }
 if wm.SkipNativeAppSuccessPage != skipNativeAppSuccessPage {
diff --git a/internal/repository/project/oidc_config.go b/internal/repository/project/oidc_config.go
index 09a5601cfc..8bc918afbe 100644
--- a/internal/repository/project/oidc_config.go
+++ b/internal/repository/project/oidc_config.go
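Review bot: In `NewChangedEvent` (project_application_oidc_model.go, hunk at -276) the `ResponseTypes` and `GrantTypes` comparisons are switched to `slices.Equal` like the others, but `ChangeResponseTypes` and `ChangeGrantTypes` do not receive the nil-to-empty guard that this patch adds to the three URI/origin helpers. Their bodies are not visible here; if they also store `&slice`, a request that clears either list would presumably still be written as `null` and ignored when the event is reduced. Either add the same guard to those two helpers or put a comment above the two checks, e.g. `// response and grant types are never empty here: defaults are applied before this call`, if that is what guarantees it. `NewChangedEvent` starts and ends outside these hunks, so any earlier validation cannot be confirmed from the patch.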
@@ -284,6 +284,10 @@ func ChangeVersion(version domain.OIDCVersion) func(event *OIDCConfigChangedEven
 func ChangeRedirectURIs(uris []string) func(event *OIDCConfigChangedEvent) {
 return func(e *OIDCConfigChangedEvent) {
+ if uris == nil {
+ // explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+ uris = make([]string, 0)
+ }
 e.RedirectUris = &uris
 }
 }
@@ -314,6 +318,10 @@ func ChangeAuthMethodType(authMethodType domain.OIDCAuthMethodType) func(event *
 func ChangePostLogoutRedirectURIs(logoutRedirects []string) func(event *OIDCConfigChangedEvent) {
 return func(e *OIDCConfigChangedEvent) {
+ if logoutRedirects == nil {
+ // explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+ logoutRedirects = make([]string, 0)
+ }
 e.PostLogoutRedirectUris = &logoutRedirects
 }
 }
@@ -356,6 +364,10 @@ func ChangeClockSkew(clockSkew time.Duration) func(event *OIDCConfigChangedEvent
 func ChangeAdditionalOrigins(additionalOrigins []string) func(event *OIDCConfigChangedEvent) {
 return func(e *OIDCConfigChangedEvent) {
+ if additionalOrigins == nil {
+ // explicitly set them to empty so we can differentiate "not set" in the event in case of no changes
+ additionalOrigins = make([]string, 0)
+ }
 e.AdditionalOrigins = &additionalOrigins
 }
 }
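Review bot: No regression test accompanies the nil guard in `ChangeRedirectURIs` or its copies in `ChangePostLogoutRedirectURIs` (-314) and `ChangeAdditionalOrigins` (-356), although these decide whether a removed redirect URI or origin actually leaves the client's allow-list. A test that applies each helper with a nil slice, serialises the event and asserts the field is `[]` rather than `null` would pin the fix, and a second one through `NewChangedEvent` with a write model holding a single entry would cover the reported path. The guard is repeated three times and could move into one small unexported helper that returns an empty slice for nil input. The comment would be clearer if it stated the reason, e.g. `// a pointer to a nil slice is stored as null and read back as "unchanged"; use an empty slice so the removal is recorded`. Removal attempts recorded before this fix presumably remain without effect, so an entry an administrator tried to delete earlier may still be accepted until it is removed again.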