feat(idp): provide option to auto link user (#7734)

* init auto linking * prompt handling * working * translations * console * fixes * unify * custom texts * fix tests * linting * fix check of existing user * fix bg translation * set unspecified as default in the form
2025-08-11 18:17:35 +00:00 · 2024-04-10 17:46:30 +02:00
parent b3e3239d76
commit dcfa2f7955
75 changed files with 1432 additions and 418 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -7494,6 +7494,7 @@ message SetCustomLoginTextsRequest {
    zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
    zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
    zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
+    zitadel.text.v1.LinkingUserPromptScreenText linking_user_prompt_text = 36;
 }

 message SetCustomLoginTextsResponse {
--- a/proto/zitadel/idp.proto
+++ b/proto/zitadel/idp.proto
@@ -515,6 +515,21 @@ message Options {
            description: "Enable if a the ZITADEL account fields should be updated automatically on each login.";
        }
    ];
+    AutoLinkingOption auto_linking = 5 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            description: "Enable if users should get prompted to link an existing ZITADEL user to an external account if the selected attribute matches.";
+        }
+    ];
+}
+
+enum AutoLinkingOption {
+    // AUTO_LINKING_OPTION_UNSPECIFIED disables the auto linking prompt.
+    AUTO_LINKING_OPTION_UNSPECIFIED = 0;
+    // AUTO_LINKING_OPTION_USERNAME will use the username of the external user to check for a corresponding ZITADEL user.
+    AUTO_LINKING_OPTION_USERNAME = 1;
+    // AUTO_LINKING_OPTION_EMAIL  will use the email of the external user to check for a corresponding ZITADEL user with the same verified email
+    // Note that in case multiple users match, no prompt will be shown.
+    AUTO_LINKING_OPTION_EMAIL = 2;
 }

 message LDAPAttributes {
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -10948,6 +10948,7 @@ message SetCustomLoginTextsRequest {
    zitadel.text.v1.PasswordlessRegistrationScreenText passwordless_registration_text = 33;
    zitadel.text.v1.PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
    zitadel.text.v1.ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
+    zitadel.text.v1.LinkingUserPromptScreenText linking_user_prompt_text = 36;
 }

 message SetCustomLoginTextsResponse {
--- a/proto/zitadel/text.proto
+++ b/proto/zitadel/text.proto
@@ -92,6 +92,7 @@ message LoginCustomText {
    PasswordlessRegistrationDoneScreenText passwordless_registration_done_text = 34;
    ExternalRegistrationUserOverviewScreenText external_registration_user_overview_text = 35;
    bool is_default = 36;
+    LinkingUserPromptScreenText linking_user_prompt_text = 37;
 }

 message SelectAccountScreenText {
@@ -357,6 +358,13 @@ message RegistrationOrgScreenText {
    string save_button_text = 19 [(validate.rules).string = {max_len: 200}];
 }

+message LinkingUserPromptScreenText {
+    string title = 1 [(validate.rules).string = {max_len: 200}];
+    string description = 2 [(validate.rules).string = {max_len: 500}];
+    string link_button_text = 3 [(validate.rules).string = {max_len: 100}];
+    string other_button_text = 4 [(validate.rules).string = {max_len: 100}];
+}
+
 message LinkingUserDoneScreenText {
    string title = 1 [(validate.rules).string = {max_len: 200}];
    string description = 2 [(validate.rules).string = {max_len: 500}];