mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
feat(console): enable ID token mapping for generic OIDC provider (#6426)
* fix: use IsIdTokenMapping request property
* feat(console): oidc provider id token mapping
* fix scss
* reduce styles
* fix lint
---------
Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit 29fa3d417c)
This commit is contained in:
Elio Bischof
Livio Spring
parent
637caba8a0
commit
d1ec248f05
@ -78,6 +78,14 @@
|
|||||||
</cnsl-form-field>
|
</cnsl-form-field>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="id-token-mapping">
|
||||||
|
<cnsl-info-section>
|
||||||
|
<div>
|
||||||
|
<p class="checkbox-desc">{{ 'IDP.ISIDTOKENMAPPING_DESC' | translate }}</p>
|
||||||
|
<mat-checkbox formControlName="isIdTokenMapping">{{ 'IDP.ISIDTOKENMAPPING' | translate }}</mat-checkbox>
|
||||||
|
</div>
|
||||||
|
</cnsl-info-section>
|
||||||
|
</div>
|
||||||
<cnsl-provider-options
|
<cnsl-provider-options
|
||||||
[initialOptions]="provider?.config?.options"
|
[initialOptions]="provider?.config?.options"
|
||||||
(optionsChanged)="options = $event"
|
(optionsChanged)="options = $event"
|
||||||
|
|||||||
@ -0,0 +1,8 @@
|
|||||||
|
.id-token-mapping {
|
||||||
|
max-width: 400px;
|
||||||
|
|
||||||
|
.checkbox-desc {
|
||||||
|
margin-top: 0;
|
||||||
|
margin-bottom: 0.5rem;
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -27,6 +27,7 @@ import { PolicyComponentServiceType } from '../../policies/policy-component-type
|
|||||||
@Component({
|
@Component({
|
||||||
selector: 'cnsl-provider-oidc',
|
selector: 'cnsl-provider-oidc',
|
||||||
templateUrl: './provider-oidc.component.html',
|
templateUrl: './provider-oidc.component.html',
|
||||||
|
styleUrls: ['./provider-oidc.component.scss'],
|
||||||
})
|
})
|
||||||
export class ProviderOIDCComponent {
|
export class ProviderOIDCComponent {
|
||||||
public showOptional: boolean = false;
|
public showOptional: boolean = false;
|
||||||
@ -56,6 +57,7 @@ export class ProviderOIDCComponent {
|
|||||||
clientSecret: new UntypedFormControl('', [requiredValidator]),
|
clientSecret: new UntypedFormControl('', [requiredValidator]),
|
||||||
issuer: new UntypedFormControl('', [requiredValidator]),
|
issuer: new UntypedFormControl('', [requiredValidator]),
|
||||||
scopesList: new UntypedFormControl(['openid', 'profile', 'email'], []),
|
scopesList: new UntypedFormControl(['openid', 'profile', 'email'], []),
|
||||||
|
isIdTokenMapping: new UntypedFormControl(),
|
||||||
});
|
});
|
||||||
|
|
||||||
this.route.data.pipe(take(1)).subscribe((data) => {
|
this.route.data.pipe(take(1)).subscribe((data) => {
|
||||||
@ -131,6 +133,7 @@ export class ProviderOIDCComponent {
|
|||||||
req.setIssuer(this.issuer?.value);
|
req.setIssuer(this.issuer?.value);
|
||||||
req.setScopesList(this.scopesList?.value);
|
req.setScopesList(this.scopesList?.value);
|
||||||
req.setProviderOptions(this.options);
|
req.setProviderOptions(this.options);
|
||||||
|
req.setIsIdTokenMapping(this.isIdTokenMapping?.value);
|
||||||
|
|
||||||
this.loading = true;
|
this.loading = true;
|
||||||
this.service
|
this.service
|
||||||
@ -160,6 +163,7 @@ export class ProviderOIDCComponent {
|
|||||||
req.setIssuer(this.issuer?.value);
|
req.setIssuer(this.issuer?.value);
|
||||||
req.setScopesList(this.scopesList?.value);
|
req.setScopesList(this.scopesList?.value);
|
||||||
req.setProviderOptions(this.options);
|
req.setProviderOptions(this.options);
|
||||||
|
req.setIsIdTokenMapping(this.isIdTokenMapping?.value);
|
||||||
|
|
||||||
this.loading = true;
|
this.loading = true;
|
||||||
this.service
|
this.service
|
||||||
@ -224,4 +228,8 @@ export class ProviderOIDCComponent {
|
|||||||
public get scopesList(): AbstractControl | null {
|
public get scopesList(): AbstractControl | null {
|
||||||
return this.form.get('scopesList');
|
return this.form.get('scopesList');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public get isIdTokenMapping(): AbstractControl | null {
|
||||||
|
return this.form.get('isIdTokenMapping');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1822,7 +1822,9 @@
|
|||||||
"DELETED": "Idp премахнат успешно!",
|
"DELETED": "Idp премахнат успешно!",
|
||||||
"ADDED": "Добавено успешно.",
|
"ADDED": "Добавено успешно.",
|
||||||
"REMOVED": "Премахнато успешно."
|
"REMOVED": "Премахнато успешно."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Съответствие от ID токен",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Ако е избрано, информацията на доставчика се съответства от ID токена, а не от userinfo крайната точка."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1831,7 +1831,9 @@
|
|||||||
"DELETED": "Idp erfolgreich gelöscht!",
|
"DELETED": "Idp erfolgreich gelöscht!",
|
||||||
"ADDED": "Erfolgreich hinzugefügt.",
|
"ADDED": "Erfolgreich hinzugefügt.",
|
||||||
"REMOVED": "Erfolgreich entfernt."
|
"REMOVED": "Erfolgreich entfernt."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Zuordnung vom ID-Token",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Legt fest, ob für das Mapping der Provider Informationen das ID-Token verwendet werden soll, anstatt des Userinfo-Endpoints."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1828,7 +1828,9 @@
|
|||||||
"DELETED": "Idp removed successfully!",
|
"DELETED": "Idp removed successfully!",
|
||||||
"ADDED": "Added successfully.",
|
"ADDED": "Added successfully.",
|
||||||
"REMOVED": "Removed successfully."
|
"REMOVED": "Removed successfully."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Map from the ID token",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "If selected, provider information gets mapped from the ID token, not from the userinfo endpoint."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1828,7 +1828,9 @@
|
|||||||
"DELETED": "¡IDP eliminado con éxito!",
|
"DELETED": "¡IDP eliminado con éxito!",
|
||||||
"ADDED": "Añadido con éxito.",
|
"ADDED": "Añadido con éxito.",
|
||||||
"REMOVED": "Eliminado con éxito."
|
"REMOVED": "Eliminado con éxito."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Asignación del ID token",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Si se selecciona, la información del proveedor se asigna desde el ID token, no desde el punto final de userinfo."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1832,7 +1832,9 @@
|
|||||||
"DELETED": "Idp supprimé avec succès !",
|
"DELETED": "Idp supprimé avec succès !",
|
||||||
"ADDED": "Ajouté avec succès.",
|
"ADDED": "Ajouté avec succès.",
|
||||||
"REMOVED": "Suppression réussie."
|
"REMOVED": "Suppression réussie."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Mappage depuis le jeton ID",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Si sélectionné, les informations du fournisseur sont mappées à partir du jeton ID, et non à partir du point d'extrémité userinfo."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1832,7 +1832,9 @@
|
|||||||
"DELETED": "IDP rimosso con successo!",
|
"DELETED": "IDP rimosso con successo!",
|
||||||
"ADDED": "Aggiunto con successo.",
|
"ADDED": "Aggiunto con successo.",
|
||||||
"REMOVED": "Rimosso con successo."
|
"REMOVED": "Rimosso con successo."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Mappatura dal token ID",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Se selezionato, le informazioni del provider vengono mappate dal token ID, non dal punto finale userinfo."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1823,7 +1823,9 @@
|
|||||||
"DELETED": "IDPは正常に削除されました!",
|
"DELETED": "IDPは正常に削除されました!",
|
||||||
"ADDED": "正常に追加されました。",
|
"ADDED": "正常に追加されました。",
|
||||||
"REMOVED": "正常に削除されました。"
|
"REMOVED": "正常に削除されました。"
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "IDトークンからのマッピング",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "選択された場合、プロバイダ情報はIDトークンからマッピングされ、userinfoエンドポイントからではありません。"
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1828,7 +1828,9 @@
|
|||||||
"DELETED": "IDP успешно отстранет!",
|
"DELETED": "IDP успешно отстранет!",
|
||||||
"ADDED": "Успешно додадено.",
|
"ADDED": "Успешно додадено.",
|
||||||
"REMOVED": "Успешно отстрането."
|
"REMOVED": "Успешно отстрането."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Совпаѓање од ID токен",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Ако е избрано, информациите од провајдерот се мапираат од ID токенот, а не од userinfo крајната точка."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1832,7 +1832,9 @@
|
|||||||
"DELETED": "Dostawca tożsamości usunięty pomyślnie!",
|
"DELETED": "Dostawca tożsamości usunięty pomyślnie!",
|
||||||
"ADDED": "Dodano pomyślnie.",
|
"ADDED": "Dodano pomyślnie.",
|
||||||
"REMOVED": "Usunięto pomyślnie."
|
"REMOVED": "Usunięto pomyślnie."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Mapowanie z tokena ID",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Jeśli wybrane, informacje dostawcy są mapowane z tokena ID, a nie z punktu końcowego userinfo."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1826,7 +1826,9 @@
|
|||||||
"DELETED": "Provedor de identidade removido com sucesso!",
|
"DELETED": "Provedor de identidade removido com sucesso!",
|
||||||
"ADDED": "Adicionado com sucesso.",
|
"ADDED": "Adicionado com sucesso.",
|
||||||
"REMOVED": "Removido com sucesso."
|
"REMOVED": "Removido com sucesso."
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "Mapeamento do token ID",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "Se selecionado, as informações do provedor são mapeadas a partir do token ID, e não do ponto final userinfo."
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -1831,7 +1831,9 @@
|
|||||||
"DELETED": "IDP 删除成功!",
|
"DELETED": "IDP 删除成功!",
|
||||||
"ADDED": "添加成功。",
|
"ADDED": "添加成功。",
|
||||||
"REMOVED": "成功删除。"
|
"REMOVED": "成功删除。"
|
||||||
}
|
},
|
||||||
|
"ISIDTOKENMAPPING": "从ID令牌映射",
|
||||||
|
"ISIDTOKENMAPPING_DESC": "如果选中,提供商信息将从ID令牌映射,而不是从userinfo端点。"
|
||||||
},
|
},
|
||||||
"MFA": {
|
"MFA": {
|
||||||
"LIST": {
|
"LIST": {
|
||||||
|
|||||||
@ -253,6 +253,7 @@ func addGenericOIDCProviderToCommand(req *mgmt_pb.AddGenericOIDCProviderRequest)
|
|||||||
ClientID: req.ClientId,
|
ClientID: req.ClientId,
|
||||||
ClientSecret: req.ClientSecret,
|
ClientSecret: req.ClientSecret,
|
||||||
Scopes: req.Scopes,
|
Scopes: req.Scopes,
|
||||||
|
IsIDTokenMapping: req.IsIdTokenMapping,
|
||||||
IDPOptions: idp_grpc.OptionsToCommand(req.ProviderOptions),
|
IDPOptions: idp_grpc.OptionsToCommand(req.ProviderOptions),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -342,7 +342,12 @@ message GenericOIDCConfig {
|
|||||||
description: "the scopes requested by ZITADEL during the request on the identity provider";
|
description: "the scopes requested by ZITADEL during the request on the identity provider";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
bool is_id_token_mapping = 4;
|
bool is_id_token_mapping = 4 [
|
||||||
|
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
|
||||||
|
example: "true";
|
||||||
|
description: "if true, provider information get mapped from the id token, not from the userinfo endpoint";
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
message GitHubConfig {
|
message GitHubConfig {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user