chore: move the go code into a subfolder

2025-08-12 00:47:33 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/project/model/api_config.go
+++ b/apps/api/internal/project/model/api_config.go
@@ -0,0 +1,22 @@
+package model
+
+import (
+	"github.com/zitadel/zitadel/internal/crypto"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type APIConfig struct {
+	es_models.ObjectRoot
+	AppID              string
+	ClientID           string
+	ClientSecret       *crypto.CryptoValue
+	ClientSecretString string
+	AuthMethodType     APIAuthMethodType
+}
+
+type APIAuthMethodType int32
+
+const (
+	APIAuthMethodTypeBasic APIAuthMethodType = iota
+	APIAuthMethodTypePrivateKeyJWT
+)
--- a/apps/api/internal/project/model/application.go
+++ b/apps/api/internal/project/model/application.go
@@ -0,0 +1,34 @@
+package model
+
+import (
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type Application struct {
+	es_models.ObjectRoot
+
+	AppID      string
+	State      AppState
+	Name       string
+	Type       AppType
+	OIDCConfig *OIDCConfig
+	APIConfig  *APIConfig
+	SAMLConfig *SAMLConfig
+}
+
+type AppState int32
+
+const (
+	AppStateActive AppState = iota
+	AppStateInactive
+	AppStateRemoved
+)
+
+type AppType int32
+
+const (
+	AppTypeUnspecified AppType = iota
+	AppTypeOIDC
+	AppTypeSAML
+	AppTypeAPI
+)
--- a/apps/api/internal/project/model/oidc_config.go
+++ b/apps/api/internal/project/model/oidc_config.go
@@ -0,0 +1,110 @@
+package model
+
+import (
+	"time"
+
+	"github.com/muhlemmer/gu"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type OIDCConfig struct {
+	es_models.ObjectRoot
+	AppID                    string
+	ClientID                 string
+	ClientSecret             *crypto.CryptoValue
+	ClientSecretString       string
+	RedirectUris             []string
+	ResponseTypes            []OIDCResponseType
+	GrantTypes               []OIDCGrantType
+	ApplicationType          OIDCApplicationType
+	AuthMethodType           OIDCAuthMethodType
+	PostLogoutRedirectUris   []string
+	OIDCVersion              OIDCVersion
+	Compliance               *Compliance
+	DevMode                  bool
+	AccessTokenType          OIDCTokenType
+	AccessTokenRoleAssertion bool
+	IDTokenRoleAssertion     bool
+	IDTokenUserinfoAssertion bool
+	ClockSkew                time.Duration
+}
+
+type OIDCVersion int32
+
+const (
+	OIDCVersionV1 OIDCVersion = iota
+)
+
+type OIDCResponseType int32
+
+const (
+	OIDCResponseTypeCode OIDCResponseType = iota
+	OIDCResponseTypeIDToken
+	OIDCResponseTypeIDTokenToken
+)
+
+type OIDCGrantType int32
+
+const (
+	OIDCGrantTypeAuthorizationCode OIDCGrantType = iota
+	OIDCGrantTypeImplicit
+	OIDCGrantTypeRefreshToken
+)
+
+type OIDCApplicationType int32
+
+const (
+	OIDCApplicationTypeWeb OIDCApplicationType = iota
+	OIDCApplicationTypeUserAgent
+	OIDCApplicationTypeNative
+)
+
+type OIDCAuthMethodType int32
+
+const (
+	OIDCAuthMethodTypeBasic OIDCAuthMethodType = iota
+	OIDCAuthMethodTypePost
+	OIDCAuthMethodTypeNone
+	OIDCAuthMethodTypePrivateKeyJWT
+)
+
+type Compliance struct {
+	NoneCompliant bool
+	Problems      []string
+}
+
+type OIDCTokenType int32
+
+const (
+	OIDCTokenTypeBearer OIDCTokenType = iota
+	OIDCTokenTypeJWT
+)
+
+type Token struct {
+	es_models.ObjectRoot
+
+	TokenID    string
+	ClientID   string
+	Audience   []string
+	Expiration time.Time
+	Scopes     []string
+}
+
+func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTypes []OIDCGrantType, responseTypes []OIDCResponseType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
+	switch version {
+	case OIDCVersionV1:
+		domainGrantTypes := make([]domain.OIDCGrantType, len(grantTypes))
+		for i, grantType := range grantTypes {
+			domainGrantTypes[i] = domain.OIDCGrantType(grantType)
+		}
+		compliance := domain.GetOIDCV1Compliance(gu.Ptr(domain.OIDCApplicationType(appType)), domainGrantTypes, gu.Ptr(domain.OIDCAuthMethodType(authMethod)), redirectUris)
+		return &Compliance{
+			NoneCompliant: compliance.NoneCompliant,
+			Problems:      compliance.Problems,
+		}
+	}
+	return nil
+}
--- a/apps/api/internal/project/model/project.go
+++ b/apps/api/internal/project/model/project.go
@@ -0,0 +1,29 @@
+package model
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type Project struct {
+	es_models.ObjectRoot
+
+	State                  ProjectState
+	Name                   string
+	Members                []*ProjectMember
+	Roles                  []*ProjectRole
+	Applications           []*Application
+	Grants                 []*ProjectGrant
+	ProjectRoleAssertion   bool
+	ProjectRoleCheck       bool
+	HasProjectCheck        bool
+	PrivateLabelingSetting domain.PrivateLabelingSetting
+}
+
+type ProjectState int32
+
+const (
+	ProjectStateActive ProjectState = iota
+	ProjectStateInactive
+	ProjectStateRemoved
+)
--- a/apps/api/internal/project/model/project_grant.go
+++ b/apps/api/internal/project/model/project_grant.go
@@ -0,0 +1,22 @@
+package model
+
+import (
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type ProjectGrant struct {
+	es_models.ObjectRoot
+
+	GrantID      string
+	GrantedOrgID string
+	State        ProjectGrantState
+	RoleKeys     []string
+	Members      []*ProjectGrantMember
+}
+
+type ProjectGrantState int32
+
+const (
+	ProjectGrantStateActive ProjectGrantState = iota
+	ProjectGrantStateInactive
+)
--- a/apps/api/internal/project/model/project_grant_member.go
+++ b/apps/api/internal/project/model/project_grant_member.go
@@ -0,0 +1,10 @@
+package model
+
+import es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+
+type ProjectGrantMember struct {
+	es_models.ObjectRoot
+	GrantID string
+	UserID  string
+	Roles   []string
+}
--- a/apps/api/internal/project/model/project_member.go
+++ b/apps/api/internal/project/model/project_member.go
@@ -0,0 +1,10 @@
+package model
+
+import es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+
+type ProjectMember struct {
+	es_models.ObjectRoot
+
+	UserID string
+	Roles  []string
+}
--- a/apps/api/internal/project/model/project_role.go
+++ b/apps/api/internal/project/model/project_role.go
@@ -0,0 +1,11 @@
+package model
+
+import es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+
+type ProjectRole struct {
+	es_models.ObjectRoot
+
+	Key         string
+	DisplayName string
+	Group       string
+}
--- a/apps/api/internal/project/model/saml_config.go
+++ b/apps/api/internal/project/model/saml_config.go
@@ -0,0 +1,12 @@
+package model
+
+import (
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type SAMLConfig struct {
+	es_models.ObjectRoot
+	AppID       string
+	Metadata    []byte
+	MetadataURL string
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/api_config.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/api_config.go
@@ -0,0 +1,37 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type APIConfig struct {
+	es_models.ObjectRoot
+	AppID          string              `json:"appId"`
+	ClientID       string              `json:"clientId,omitempty"`
+	ClientSecret   *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	AuthMethodType int32               `json:"authMethodType,omitempty"`
+	ClientKeys     []*ClientKey        `json:"-"`
+}
+
+func (c *APIConfig) Changes(changed *APIConfig) map[string]interface{} {
+	changes := make(map[string]interface{}, 1)
+	changes["appId"] = c.AppID
+	if c.AuthMethodType != changed.AuthMethodType {
+		changes["authMethodType"] = changed.AuthMethodType
+	}
+	return changes
+}
+
+func (o *APIConfig) setData(event *es_models.Event) error {
+	o.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, o); err != nil {
+		logging.Log("EVEN-d8e3s").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/application.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/application.go
@@ -0,0 +1,34 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type Application struct {
+	es_models.ObjectRoot
+	AppID      string      `json:"appId"`
+	State      int32       `json:"-"`
+	Name       string      `json:"name,omitempty"`
+	Type       int32       `json:"appType,omitempty"`
+	OIDCConfig *OIDCConfig `json:"-"`
+	APIConfig  *APIConfig  `json:"-"`
+	SAMLConfig *SAMLConfig `json:"-"`
+}
+
+type ApplicationID struct {
+	es_models.ObjectRoot
+	AppID string `json:"appId"`
+}
+
+func (a *Application) setData(event *es_models.Event) error {
+	a.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, a); err != nil {
+		logging.Log("EVEN-8die3").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/oidc_config.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/oidc_config.go
@@ -0,0 +1,100 @@
+package model
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/repository/project"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type OIDCConfig struct {
+	es_models.ObjectRoot
+	Version                  int32               `json:"oidcVersion,omitempty"`
+	AppID                    string              `json:"appId"`
+	ClientID                 string              `json:"clientId,omitempty"`
+	ClientSecret             *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	RedirectUris             []string            `json:"redirectUris,omitempty"`
+	ResponseTypes            []int32             `json:"responseTypes,omitempty"`
+	GrantTypes               []int32             `json:"grantTypes,omitempty"`
+	ApplicationType          int32               `json:"applicationType,omitempty"`
+	AuthMethodType           int32               `json:"authMethodType,omitempty"`
+	PostLogoutRedirectUris   []string            `json:"postLogoutRedirectUris,omitempty"`
+	DevMode                  bool                `json:"devMode,omitempty"`
+	AccessTokenType          int32               `json:"accessTokenType,omitempty"`
+	AccessTokenRoleAssertion bool                `json:"accessTokenRoleAssertion,omitempty"`
+	IDTokenRoleAssertion     bool                `json:"idTokenRoleAssertion,omitempty"`
+	IDTokenUserinfoAssertion bool                `json:"idTokenUserinfoAssertion,omitempty"`
+	ClockSkew                time.Duration       `json:"clockSkew,omitempty"`
+	ClientKeys               []*ClientKey        `json:"-"`
+}
+
+func (o *OIDCConfig) setData(event *es_models.Event) error {
+	o.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, o); err != nil {
+		logging.Log("EVEN-d8e3s").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
+
+type ClientKey struct {
+	es_models.ObjectRoot `json:"-"`
+	ApplicationID        string    `json:"applicationId,omitempty"`
+	ClientID             string    `json:"clientId,omitempty"`
+	KeyID                string    `json:"keyId,omitempty"`
+	Type                 int32     `json:"type,omitempty"`
+	ExpirationDate       time.Time `json:"expirationDate,omitempty"`
+	PublicKey            []byte    `json:"publicKey,omitempty"`
+	privateKey           []byte
+}
+
+func (key *ClientKey) SetData(event *es_models.Event) error {
+	key.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, key); err != nil {
+		logging.Log("EVEN-SADdg").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
+
+func (key *ClientKey) AppendEvents(events ...*es_models.Event) error {
+	for _, event := range events {
+		err := key.AppendEvent(event)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (key *ClientKey) AppendEvent(event *es_models.Event) (err error) {
+	key.ObjectRoot.AppendEvent(event)
+	switch event.Type() {
+	case project.ApplicationKeyAddedEventType:
+		err = json.Unmarshal(event.Data, key)
+		if err != nil {
+			return zerrors.ThrowInternal(err, "MODEL-Fetg3", "Errors.Internal")
+		}
+	case project.ApplicationKeyRemovedEventType:
+		key.ExpirationDate = event.CreationDate
+	}
+	return err
+}
+
+func (key *ClientKey) GenerateClientKeyPair(keySize int) error {
+	privateKey, publicKey, err := crypto.GenerateKeyPair(keySize)
+	if err != nil {
+		return err
+	}
+	key.PublicKey, err = crypto.PublicKeyToBytes(publicKey)
+	if err != nil {
+		return err
+	}
+	key.privateKey = crypto.PrivateKeyToBytes(privateKey)
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/project.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/project.go
@@ -0,0 +1,131 @@
+package model
+
+import (
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/project/model"
+	"github.com/zitadel/zitadel/internal/repository/project"
+)
+
+type Project struct {
+	es_models.ObjectRoot
+	Name                 string `json:"name,omitempty"`
+	ProjectRoleAssertion bool   `json:"projectRoleAssertion,omitempty"`
+	ProjectRoleCheck     bool   `json:"projectRoleCheck,omitempty"`
+	HasProjectCheck      bool   `json:"hasProjectCheck,omitempty"`
+	State                int32  `json:"-"`
+	OIDCApplications     []*oidcApp
+}
+
+type oidcApp struct {
+	AppID    string `json:"appId"`
+	ClientID string `json:"clientId,omitempty"`
+}
+
+func ProjectToModel(project *Project) *model.Project {
+	apps := make([]*model.Application, len(project.OIDCApplications))
+	for i, application := range project.OIDCApplications {
+		apps[i] = &model.Application{OIDCConfig: &model.OIDCConfig{ClientID: application.ClientID}}
+	}
+	return &model.Project{
+		ObjectRoot:           project.ObjectRoot,
+		Name:                 project.Name,
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
+		State:                model.ProjectState(project.State),
+		Applications:         apps,
+	}
+}
+
+func ProjectFromEvents(project *Project, events ...eventstore.Event) (*Project, error) {
+	if project == nil {
+		project = &Project{}
+	}
+
+	return project, project.AppendEvents(events...)
+}
+
+func (p *Project) AppendEvents(events ...eventstore.Event) error {
+	for _, event := range events {
+		if err := p.AppendEvent(event); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (p *Project) AppendEvent(event eventstore.Event) error {
+	p.ObjectRoot.AppendEvent(event)
+
+	switch event.Type() {
+	case project.ProjectAddedType, project.ProjectChangedType:
+		return p.AppendAddProjectEvent(event)
+	case project.ProjectDeactivatedType:
+		return p.appendDeactivatedEvent()
+	case project.ProjectReactivatedType:
+		return p.appendReactivatedEvent()
+	case project.ProjectRemovedType:
+		return p.appendRemovedEvent()
+	case project.OIDCConfigAddedType:
+		return p.appendOIDCConfig(event)
+	case project.ApplicationRemovedType:
+		return p.appendApplicationRemoved(event)
+	}
+	return nil
+}
+
+func (p *Project) AppendAddProjectEvent(event eventstore.Event) error {
+	p.SetData(event)
+	p.State = int32(model.ProjectStateActive)
+	return nil
+}
+
+func (p *Project) appendDeactivatedEvent() error {
+	p.State = int32(model.ProjectStateInactive)
+	return nil
+}
+
+func (p *Project) appendReactivatedEvent() error {
+	p.State = int32(model.ProjectStateActive)
+	return nil
+}
+
+func (p *Project) appendRemovedEvent() error {
+	p.State = int32(model.ProjectStateRemoved)
+	return nil
+}
+
+func (p *Project) appendOIDCConfig(event eventstore.Event) error {
+	appEvent := new(oidcApp)
+	if err := event.Unmarshal(appEvent); err != nil {
+		return err
+	}
+	p.OIDCApplications = append(p.OIDCApplications, appEvent)
+	return nil
+}
+
+func (p *Project) appendApplicationRemoved(event eventstore.Event) error {
+	appEvent := new(oidcApp)
+	if err := event.Unmarshal(appEvent); err != nil {
+		return err
+	}
+	for i := len(p.OIDCApplications) - 1; i >= 0; i-- {
+		if p.OIDCApplications[i].AppID == appEvent.AppID {
+			p.OIDCApplications[i] = p.OIDCApplications[len(p.OIDCApplications)-1]
+			p.OIDCApplications[len(p.OIDCApplications)-1] = nil
+			p.OIDCApplications = p.OIDCApplications[:len(p.OIDCApplications)-1]
+			return nil
+		}
+	}
+	return nil
+}
+
+func (p *Project) SetData(event eventstore.Event) error {
+	if err := event.Unmarshal(p); err != nil {
+		logging.Log("EVEN-lo9sr").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/project_grant.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/project_grant.go
@@ -0,0 +1,42 @@
+package model
+
+import (
+	"encoding/json"
+	"reflect"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type ProjectGrant struct {
+	es_models.ObjectRoot
+	State        int32                 `json:"-"`
+	GrantID      string                `json:"grantId,omitempty"`
+	GrantedOrgID string                `json:"grantedOrgId,omitempty"`
+	RoleKeys     []string              `json:"roleKeys,omitempty"`
+	Members      []*ProjectGrantMember `json:"-"`
+}
+
+type ProjectGrantID struct {
+	es_models.ObjectRoot
+	GrantID string `json:"grantId"`
+}
+
+func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} {
+	changes := make(map[string]interface{}, 1)
+	changes["grantId"] = g.GrantID
+	if !reflect.DeepEqual(g.RoleKeys, changed.RoleKeys) {
+		changes["roleKeys"] = changed.RoleKeys
+	}
+	return changes
+}
+
+func (g *ProjectGrant) getData(event *es_models.Event) error {
+	g.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, g); err != nil {
+		logging.Log("EVEN-4h6gd").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/project_grant_member.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/project_grant_member.go
@@ -0,0 +1,25 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type ProjectGrantMember struct {
+	es_models.ObjectRoot
+	GrantID string   `json:"grantId,omitempty"`
+	UserID  string   `json:"userId,omitempty"`
+	Roles   []string `json:"roles,omitempty"`
+}
+
+func (m *ProjectGrantMember) SetData(event *es_models.Event) error {
+	m.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, m); err != nil {
+		logging.Log("EVEN-8die2").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/project_member.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/project_member.go
@@ -0,0 +1,24 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type ProjectMember struct {
+	es_models.ObjectRoot
+	UserID string   `json:"userId,omitempty"`
+	Roles  []string `json:"roles,omitempty"`
+}
+
+func (m *ProjectMember) SetData(event *es_models.Event) error {
+	m.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, m); err != nil {
+		logging.Log("EVEN-e4dkp").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/project_test.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/project_test.go
@@ -0,0 +1,220 @@
+package model
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+	"github.com/zitadel/zitadel/internal/project/model"
+	"github.com/zitadel/zitadel/internal/repository/project"
+)
+
+func TestProjectFromEvents(t *testing.T) {
+	type args struct {
+		event   []eventstore.Event
+		project *Project
+	}
+	tests := []struct {
+		name   string
+		args   args
+		result *Project
+	}{
+		{
+			name: "project from events, ok",
+			args: args{
+				event: []eventstore.Event{
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType},
+				},
+				project: &Project{Name: "ProjectName"},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive), Name: "ProjectName"},
+		},
+		{
+			name: "project from events, nil project",
+			args: args{
+				event: []eventstore.Event{
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType},
+				},
+				project: nil,
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
+		},
+		{
+			name: "project from events with OIDC Application, ok",
+			args: args{
+				event: []eventstore.Event{
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType, Data: []byte(`{"name": "ProjectName"}`)},
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: []byte(`{"appId":"appId", "clientId": "clientID"}`)},
+				},
+				project: nil,
+			},
+			result: &Project{
+				ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
+				State:      int32(model.ProjectStateActive),
+				Name:       "ProjectName",
+				OIDCApplications: []*oidcApp{
+					{
+						AppID:    "appID",
+						ClientID: "clientID",
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.project != nil {
+				data, _ := json.Marshal(tt.args.project)
+				tt.args.event[0].(*es_models.Event).Data = data
+			}
+			result, _ := ProjectFromEvents(tt.args.project, tt.args.event...)
+			if result.Name != tt.result.Name {
+				t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.result.Name, result.Name)
+			}
+		})
+	}
+}
+
+func TestAppendEvent(t *testing.T) {
+	type args struct {
+		event   *es_models.Event
+		project *Project
+	}
+	tests := []struct {
+		name   string
+		args   args
+		result *Project
+	}{
+		{
+			name: "append added event",
+			args: args{
+				event:   &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType},
+				project: &Project{Name: "ProjectName"},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive), Name: "ProjectName"},
+		},
+		{
+			name: "append change event",
+			args: args{
+				event:   &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectChangedType},
+				project: &Project{Name: "ProjectName"},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive), Name: "ProjectName"},
+		},
+		{
+			name: "append deactivate event",
+			args: args{
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectDeactivatedType},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateInactive)},
+		},
+		{
+			name: "append reactivate event",
+			args: args{
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectReactivatedType},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
+		},
+		{
+			name: "append oidc config added event",
+			args: args{
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: []byte(`{"appId":"appID", "clientId": "clientID"}`)},
+			},
+			result: &Project{
+				ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
+				State:      int32(model.ProjectStateActive),
+				OIDCApplications: []*oidcApp{{
+					AppID:    "appID",
+					ClientID: "clientID",
+				}}},
+		},
+		{
+			name: "append application removed event",
+			args: args{
+				project: &Project{Name: "ProjectName", OIDCApplications: []*oidcApp{{
+					AppID:    "appID",
+					ClientID: "clientID",
+				}}},
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationRemovedType, Data: []byte(`{"appId": "appID"}`)},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.args.project != nil {
+				data, _ := json.Marshal(tt.args.project)
+				tt.args.event.Data = data
+			}
+			result := new(Project)
+			result.AppendEvent(tt.args.event)
+			if result.State != tt.result.State {
+				t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.result.State, result.State)
+			}
+			if result.Name != tt.result.Name {
+				t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.result.Name, result.Name)
+			}
+			if result.ObjectRoot.AggregateID != tt.result.ObjectRoot.AggregateID {
+				t.Errorf("got wrong result id: expected: %v, actual: %v ", tt.result.ObjectRoot.AggregateID, result.ObjectRoot.AggregateID)
+			}
+			assert.Equal(t, tt.result.OIDCApplications, result.OIDCApplications)
+		})
+	}
+}
+
+func TestAppendDeactivatedEvent(t *testing.T) {
+	type args struct {
+		project *Project
+	}
+	tests := []struct {
+		name   string
+		args   args
+		result *Project
+	}{
+		{
+			name: "append reactivate event",
+			args: args{
+				project: &Project{},
+			},
+			result: &Project{State: int32(model.ProjectStateInactive)},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.args.project.appendDeactivatedEvent()
+			if tt.args.project.State != tt.result.State {
+				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result, tt.args.project)
+			}
+		})
+	}
+}
+
+func TestAppendReactivatedEvent(t *testing.T) {
+	type args struct {
+		project *Project
+	}
+	tests := []struct {
+		name   string
+		args   args
+		result *Project
+	}{
+		{
+			name: "append reactivate event",
+			args: args{
+				project: &Project{},
+			},
+			result: &Project{State: int32(model.ProjectStateActive)},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.args.project.appendReactivatedEvent()
+			if tt.args.project.State != tt.result.State {
+				t.Errorf("got wrong result: expected: %v, actual: %v ", tt.result, tt.args.project)
+			}
+		})
+	}
+}
--- a/apps/api/internal/project/repository/eventsourcing/model/saml_config.go
+++ b/apps/api/internal/project/repository/eventsourcing/model/saml_config.go
@@ -0,0 +1,25 @@
+package model
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/logging"
+
+	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
+)
+
+type SAMLConfig struct {
+	es_models.ObjectRoot
+	AppID       string `json:"appId"`
+	Metadata    []byte `json:"metadata,omitempty"`
+	MetadataURL string `json:"metadataUrl,omitempty"`
+}
+
+func (o *SAMLConfig) setData(event *es_models.Event) error {
+	o.ObjectRoot.AppendEvent(event)
+	if err := json.Unmarshal(event.Data, o); err != nil {
+		logging.Log("EVEN-d8e3s").WithError(err).Error("could not unmarshal event data")
+		return err
+	}
+	return nil
+}
--- a/apps/api/internal/project/repository/view/query.go
+++ b/apps/api/internal/project/repository/view/query.go
@@ -0,0 +1,30 @@
+package view
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/project"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func ProjectByIDQuery(id, instanceID string, latestSequence uint64) (*eventstore.SearchQueryBuilder, error) {
+	if id == "" {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "EVENT-dke74", "Errors.Project.ProjectIDMissing")
+	}
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		InstanceID(instanceID).
+		AwaitOpenTransactions().
+		SequenceGreater(latestSequence).
+		AddQuery().
+		AggregateTypes(project.AggregateType).
+		AggregateIDs(id).
+		EventTypes(
+			project.ProjectAddedType,
+			project.ProjectChangedType,
+			project.ProjectDeactivatedType,
+			project.ProjectReactivatedType,
+			project.ProjectRemovedType,
+			project.OIDCConfigAddedType,
+			project.ApplicationRemovedType,
+		).
+		Builder(), nil
+}