chore: move the go code into a subfolder

apps/api/internal/idp/providers/oidc/session.go

@@ -0,0 +1,157 @@
+package oidc
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/zitadel/oidc/v3/pkg/client/rp"
+	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/idp"
+	"github.com/zitadel/zitadel/internal/idp/providers/oauth"
+)
+
+var ErrCodeMissing = errors.New("no auth code provided")
+
+var _ idp.Session = (*Session)(nil)
+
+// Session is the [idp.Session] implementation for the OIDC provider.
+type Session struct {
+	Provider     *Provider
+	AuthURL      string
+	CodeVerifier string
+	Code         string
+	Tokens       *oidc.Tokens[*oidc.IDTokenClaims]
+}
+
+func NewSession(provider *Provider, code string, idpArguments map[string]any) *Session {
+	verifier, _ := idpArguments[oauth.CodeVerifier].(string)
+	return &Session{Provider: provider, Code: code, CodeVerifier: verifier}
+}
+
+// GetAuth implements the [idp.Session] interface.
+func (s *Session) GetAuth(ctx context.Context) (idp.Auth, error) {
+	return idp.Redirect(s.AuthURL)
+}
+
+// PersistentParameters implements the [idp.Session] interface.
+func (s *Session) PersistentParameters() map[string]any {
+	if s.CodeVerifier == "" {
+		return nil
+	}
+	return map[string]any{oauth.CodeVerifier: s.CodeVerifier}
+}
+
+// FetchUser implements the [idp.Session] interface.
+// It will execute an OIDC code exchange if needed to retrieve the tokens,
+// call the userinfo endpoint and map the received information into an [idp.User].
+func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
+	if s.Tokens == nil {
+		if err = s.Authorize(ctx); err != nil {
+			return nil, err
+		}
+	}
+
+	var info *oidc.UserInfo
+	if s.Provider.useIDToken {
+		info = s.Tokens.IDTokenClaims.GetUserInfo()
+	} else {
+		info, err = rp.Userinfo[*oidc.UserInfo](ctx,
+			s.Tokens.AccessToken,
+			s.Tokens.TokenType,
+			s.Tokens.IDTokenClaims.GetSubject(),
+			s.Provider.RelyingParty,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+	u := s.Provider.userInfoMapper(info)
+	return u, nil
+}
+
+func (s *Session) ExpiresAt() time.Time {
+	if s.Tokens == nil {
+		return time.Time{}
+	}
+	return s.Tokens.Expiry
+}
+
+func (s *Session) Authorize(ctx context.Context) (err error) {
+	if s.Code == "" {
+		return ErrCodeMissing
+	}
+	var opts []rp.CodeExchangeOpt
+	if s.CodeVerifier != "" {
+		opts = append(opts, rp.WithCodeVerifier(s.CodeVerifier))
+	}
+	s.Tokens, err = rp.CodeExchange[*oidc.IDTokenClaims](ctx, s.Code, s.Provider.RelyingParty, opts...)
+	return err
+}
+
+func NewUser(info *oidc.UserInfo) *User {
+	return &User{UserInfo: info}
+}
+
+func InitUser() *User {
+	return &User{UserInfo: &oidc.UserInfo{}}
+}
+
+type User struct {
+	*oidc.UserInfo
+}
+
+func (u *User) GetID() string {
+	return u.Subject
+}
+
+func (u *User) GetFirstName() string {
+	return u.GivenName
+}
+
+func (u *User) GetLastName() string {
+	return u.FamilyName
+}
+
+func (u *User) GetDisplayName() string {
+	return u.Name
+}
+
+func (u *User) GetNickname() string {
+	return u.Nickname
+}
+
+func (u *User) GetPreferredUsername() string {
+	return u.PreferredUsername
+}
+
+func (u *User) GetEmail() domain.EmailAddress {
+	return domain.EmailAddress(u.UserInfo.Email)
+}
+
+func (u *User) IsEmailVerified() bool {
+	return bool(u.EmailVerified)
+}
+
+func (u *User) GetPhone() domain.PhoneNumber {
+	return domain.PhoneNumber(u.PhoneNumber)
+}
+
+func (u *User) IsPhoneVerified() bool {
+	return u.PhoneNumberVerified
+}
+
+func (u *User) GetPreferredLanguage() language.Tag {
+	return u.Locale.Tag()
+}
+
+func (u *User) GetAvatarURL() string {
+	return u.Picture
+}
+
+func (u *User) GetProfile() string {
+	return u.Profile
+}