feat(console): enable ID token mapping for generic OIDC provider (#6426)

* fix: use IsIdTokenMapping request property

* feat(console): oidc provider id token mapping

* fix scss

* reduce styles

* fix lint

---------

Co-authored-by: peintnermax <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit 29fa3d417c)
This commit is contained in:
Elio Bischof 2023-08-23 14:57:20 +02:00 committed by Livio Spring
parent 637caba8a0
commit d1ec248f05
No known key found for this signature in database
GPG Key ID: 26BB1C2FA5952CF0
16 changed files with 70 additions and 18 deletions

View File

@ -78,6 +78,14 @@
</cnsl-form-field>
</div>
<div class="id-token-mapping">
<cnsl-info-section>
<div>
<p class="checkbox-desc">{{ 'IDP.ISIDTOKENMAPPING_DESC' | translate }}</p>
<mat-checkbox formControlName="isIdTokenMapping">{{ 'IDP.ISIDTOKENMAPPING' | translate }}</mat-checkbox>
</div>
</cnsl-info-section>
</div>
<cnsl-provider-options
[initialOptions]="provider?.config?.options"
(optionsChanged)="options = $event"

View File

@ -0,0 +1,8 @@
.id-token-mapping {
max-width: 400px;
.checkbox-desc {
margin-top: 0;
margin-bottom: 0.5rem;
}
}

View File

@ -27,6 +27,7 @@ import { PolicyComponentServiceType } from '../../policies/policy-component-type
@Component({
selector: 'cnsl-provider-oidc',
templateUrl: './provider-oidc.component.html',
styleUrls: ['./provider-oidc.component.scss'],
})
export class ProviderOIDCComponent {
public showOptional: boolean = false;
@ -56,6 +57,7 @@ export class ProviderOIDCComponent {
clientSecret: new UntypedFormControl('', [requiredValidator]),
issuer: new UntypedFormControl('', [requiredValidator]),
scopesList: new UntypedFormControl(['openid', 'profile', 'email'], []),
isIdTokenMapping: new UntypedFormControl(),
});
this.route.data.pipe(take(1)).subscribe((data) => {
@ -131,6 +133,7 @@ export class ProviderOIDCComponent {
req.setIssuer(this.issuer?.value);
req.setScopesList(this.scopesList?.value);
req.setProviderOptions(this.options);
req.setIsIdTokenMapping(this.isIdTokenMapping?.value);
this.loading = true;
this.service
@ -160,6 +163,7 @@ export class ProviderOIDCComponent {
req.setIssuer(this.issuer?.value);
req.setScopesList(this.scopesList?.value);
req.setProviderOptions(this.options);
req.setIsIdTokenMapping(this.isIdTokenMapping?.value);
this.loading = true;
this.service
@ -224,4 +228,8 @@ export class ProviderOIDCComponent {
public get scopesList(): AbstractControl | null {
return this.form.get('scopesList');
}
public get isIdTokenMapping(): AbstractControl | null {
return this.form.get('isIdTokenMapping');
}
}

View File

@ -1822,7 +1822,9 @@
"DELETED": "Idp премахнат успешно!",
"ADDED": "Добавено успешно.",
"REMOVED": "Премахнато успешно."
}
},
"ISIDTOKENMAPPING": "Съответствие от ID токен",
"ISIDTOKENMAPPING_DESC": "Ако е избрано, информацията на доставчика се съответства от ID токена, а не от userinfo крайната точка."
},
"MFA": {
"LIST": {

View File

@ -1831,7 +1831,9 @@
"DELETED": "Idp erfolgreich gelöscht!",
"ADDED": "Erfolgreich hinzugefügt.",
"REMOVED": "Erfolgreich entfernt."
}
},
"ISIDTOKENMAPPING": "Zuordnung vom ID-Token",
"ISIDTOKENMAPPING_DESC": "Legt fest, ob für das Mapping der Provider Informationen das ID-Token verwendet werden soll, anstatt des Userinfo-Endpoints."
},
"MFA": {
"LIST": {

View File

@ -1828,7 +1828,9 @@
"DELETED": "Idp removed successfully!",
"ADDED": "Added successfully.",
"REMOVED": "Removed successfully."
}
},
"ISIDTOKENMAPPING": "Map from the ID token",
"ISIDTOKENMAPPING_DESC": "If selected, provider information gets mapped from the ID token, not from the userinfo endpoint."
},
"MFA": {
"LIST": {

View File

@ -1828,7 +1828,9 @@
"DELETED": "¡IDP eliminado con éxito!",
"ADDED": "Añadido con éxito.",
"REMOVED": "Eliminado con éxito."
}
},
"ISIDTOKENMAPPING": "Asignación del ID token",
"ISIDTOKENMAPPING_DESC": "Si se selecciona, la información del proveedor se asigna desde el ID token, no desde el punto final de userinfo."
},
"MFA": {
"LIST": {

View File

@ -1832,7 +1832,9 @@
"DELETED": "Idp supprimé avec succès !",
"ADDED": "Ajouté avec succès.",
"REMOVED": "Suppression réussie."
}
},
"ISIDTOKENMAPPING": "Mappage depuis le jeton ID",
"ISIDTOKENMAPPING_DESC": "Si sélectionné, les informations du fournisseur sont mappées à partir du jeton ID, et non à partir du point d'extrémité userinfo."
},
"MFA": {
"LIST": {

View File

@ -1832,7 +1832,9 @@
"DELETED": "IDP rimosso con successo!",
"ADDED": "Aggiunto con successo.",
"REMOVED": "Rimosso con successo."
}
},
"ISIDTOKENMAPPING": "Mappatura dal token ID",
"ISIDTOKENMAPPING_DESC": "Se selezionato, le informazioni del provider vengono mappate dal token ID, non dal punto finale userinfo."
},
"MFA": {
"LIST": {

View File

@ -1823,7 +1823,9 @@
"DELETED": "IDPは正常に削除されました",
"ADDED": "正常に追加されました。",
"REMOVED": "正常に削除されました。"
}
},
"ISIDTOKENMAPPING": "IDトークンからのマッピング",
"ISIDTOKENMAPPING_DESC": "選択された場合、プロバイダ情報はIDトークンからマッピングされ、userinfoエンドポイントからではありません。"
},
"MFA": {
"LIST": {

View File

@ -1828,7 +1828,9 @@
"DELETED": "IDP успешно отстранет!",
"ADDED": "Успешно додадено.",
"REMOVED": "Успешно отстрането."
}
},
"ISIDTOKENMAPPING": "Совпаѓање од ID токен",
"ISIDTOKENMAPPING_DESC": "Ако е избрано, информациите од провајдерот се мапираат од ID токенот, а не од userinfo крајната точка."
},
"MFA": {
"LIST": {

View File

@ -1832,7 +1832,9 @@
"DELETED": "Dostawca tożsamości usunięty pomyślnie!",
"ADDED": "Dodano pomyślnie.",
"REMOVED": "Usunięto pomyślnie."
}
},
"ISIDTOKENMAPPING": "Mapowanie z tokena ID",
"ISIDTOKENMAPPING_DESC": "Jeśli wybrane, informacje dostawcy są mapowane z tokena ID, a nie z punktu końcowego userinfo."
},
"MFA": {
"LIST": {

View File

@ -1826,7 +1826,9 @@
"DELETED": "Provedor de identidade removido com sucesso!",
"ADDED": "Adicionado com sucesso.",
"REMOVED": "Removido com sucesso."
}
},
"ISIDTOKENMAPPING": "Mapeamento do token ID",
"ISIDTOKENMAPPING_DESC": "Se selecionado, as informações do provedor são mapeadas a partir do token ID, e não do ponto final userinfo."
},
"MFA": {
"LIST": {

View File

@ -1831,7 +1831,9 @@
"DELETED": "IDP 删除成功!",
"ADDED": "添加成功。",
"REMOVED": "成功删除。"
}
},
"ISIDTOKENMAPPING": "从ID令牌映射",
"ISIDTOKENMAPPING_DESC": "如果选中提供商信息将从ID令牌映射而不是从userinfo端点。"
},
"MFA": {
"LIST": {

View File

@ -253,6 +253,7 @@ func addGenericOIDCProviderToCommand(req *mgmt_pb.AddGenericOIDCProviderRequest)
ClientID: req.ClientId,
ClientSecret: req.ClientSecret,
Scopes: req.Scopes,
IsIDTokenMapping: req.IsIdTokenMapping,
IDPOptions: idp_grpc.OptionsToCommand(req.ProviderOptions),
}
}

View File

@ -342,7 +342,12 @@ message GenericOIDCConfig {
description: "the scopes requested by ZITADEL during the request on the identity provider";
}
];
bool is_id_token_mapping = 4;
bool is_id_token_mapping = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "true";
description: "if true, provider information get mapped from the id token, not from the userinfo endpoint";
}
];
}
message GitHubConfig {