feat: add apple as idp (#6442)

* feat: manage apple idp * handle apple idp callback * add tests for provider * basic console implementation * implement flow for login UI and add logos / styling * tests * cleanup * add upload button * begin i18n * apple logo positioning, file upload component * fix add apple instance idp * add missing apple logos for login * update to go 1.21 * fix slice compare * revert permission changes * concrete error messages * translate login apple logo -y-2px * change form parsing * sign in button * fix tests * lint console --------- Co-authored-by: peintnermax <max@caos.ch>
2025-08-11 19:07:30 +00:00 · 2023-08-31 08:39:16 +02:00
parent 0d94947d3c
commit e17b49e4ca
89 changed files with 4384 additions and 64 deletions
--- a/internal/repository/idp/apple.go
+++ b/internal/repository/idp/apple.go
@@ -0,0 +1,164 @@
+package idp
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+type AppleIDPAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID         string              `json:"id"`
+	Name       string              `json:"name,omitempty"`
+	ClientID   string              `json:"clientId"`
+	TeamID     string              `json:"teamId"`
+	KeyID      string              `json:"keyId"`
+	PrivateKey *crypto.CryptoValue `json:"privateKey"`
+	Scopes     []string            `json:"scopes,omitempty"`
+	Options
+}
+
+func NewAppleIDPAddedEvent(
+	base *eventstore.BaseEvent,
+	id,
+	name,
+	clientID,
+	teamID,
+	keyID string,
+	privateKey *crypto.CryptoValue,
+	scopes []string,
+	options Options,
+) *AppleIDPAddedEvent {
+	return &AppleIDPAddedEvent{
+		BaseEvent:  *base,
+		ID:         id,
+		Name:       name,
+		ClientID:   clientID,
+		TeamID:     teamID,
+		KeyID:      keyID,
+		PrivateKey: privateKey,
+		Scopes:     scopes,
+		Options:    options,
+	}
+}
+
+func (e *AppleIDPAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *AppleIDPAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func AppleIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &AppleIDPAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-Beqss", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
+
+type AppleIDPChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ID         string              `json:"id"`
+	Name       *string             `json:"name,omitempty"`
+	ClientID   *string             `json:"clientId,omitempty"`
+	TeamID     *string             `json:"teamId,omitempty"`
+	KeyID      *string             `json:"keyId,omitempty"`
+	PrivateKey *crypto.CryptoValue `json:"privateKey,omitempty"`
+	Scopes     []string            `json:"scopes,omitempty"`
+	OptionChanges
+}
+
+func NewAppleIDPChangedEvent(
+	base *eventstore.BaseEvent,
+	id string,
+	changes []AppleIDPChanges,
+) (*AppleIDPChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "IDP-SF3h2", "Errors.NoChangesFound")
+	}
+	changedEvent := &AppleIDPChangedEvent{
+		BaseEvent: *base,
+		ID:        id,
+	}
+	for _, change := range changes {
+		change(changedEvent)
+	}
+	return changedEvent, nil
+}
+
+type AppleIDPChanges func(*AppleIDPChangedEvent)
+
+func ChangeAppleName(name string) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.Name = &name
+	}
+}
+
+func ChangeAppleClientID(clientID string) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.ClientID = &clientID
+	}
+}
+
+func ChangeAppleTeamID(teamID string) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.TeamID = &teamID
+	}
+}
+
+func ChangeAppleKeyID(keyID string) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.KeyID = &keyID
+	}
+}
+
+func ChangeApplePrivateKey(privateKey *crypto.CryptoValue) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.PrivateKey = privateKey
+	}
+}
+
+func ChangeAppleScopes(scopes []string) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.Scopes = scopes
+	}
+}
+
+func ChangeAppleOptions(options OptionChanges) func(*AppleIDPChangedEvent) {
+	return func(e *AppleIDPChangedEvent) {
+		e.OptionChanges = options
+	}
+}
+
+func (e *AppleIDPChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *AppleIDPChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func AppleIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &AppleIDPChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "IDP-NBe1s", "unable to unmarshal event")
+	}
+
+	return e, nil
+}
--- a/internal/repository/instance/eventstore.go
+++ b/internal/repository/instance/eventstore.go
@@ -92,6 +92,8 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, GoogleIDPChangedEventType, GoogleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPAddedEventType, LDAPIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPChangedEventType, LDAPIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, AppleIDPAddedEventType, AppleIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, AppleIDPChangedEventType, AppleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, IDPRemovedEventType, IDPRemovedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LoginPolicyIDPProviderAddedEventType, IdentityProviderAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LoginPolicyIDPProviderRemovedEventType, IdentityProviderRemovedEventMapper).
--- a/internal/repository/instance/idp.go
+++ b/internal/repository/instance/idp.go
@@ -33,6 +33,8 @@ const (
 	GoogleIDPChangedEventType           eventstore.EventType = "instance.idp.google.changed"
 	LDAPIDPAddedEventType               eventstore.EventType = "instance.idp.ldap.v2.added"
 	LDAPIDPChangedEventType             eventstore.EventType = "instance.idp.ldap.v2.changed"
+	AppleIDPAddedEventType              eventstore.EventType = "instance.idp.apple.added"
+	AppleIDPChangedEventType            eventstore.EventType = "instance.idp.apple.changed"
 	IDPRemovedEventType                 eventstore.EventType = "instance.idp.removed"
 )

@@ -920,6 +922,86 @@ func LDAPIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error
 	return &LDAPIDPChangedEvent{LDAPIDPChangedEvent: *e.(*idp.LDAPIDPChangedEvent)}, nil
 }

+type AppleIDPAddedEvent struct {
+	idp.AppleIDPAddedEvent
+}
+
+func NewAppleIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	clientID,
+	teamID,
+	keyID string,
+	privateKey *crypto.CryptoValue,
+	scopes []string,
+	options idp.Options,
+) *AppleIDPAddedEvent {
+
+	return &AppleIDPAddedEvent{
+		AppleIDPAddedEvent: *idp.NewAppleIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				AppleIDPAddedEventType,
+			),
+			id,
+			name,
+			clientID,
+			teamID,
+			keyID,
+			privateKey,
+			scopes,
+			options,
+		),
+	}
+}
+
+func AppleIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.AppleIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AppleIDPAddedEvent{AppleIDPAddedEvent: *e.(*idp.AppleIDPAddedEvent)}, nil
+}
+
+type AppleIDPChangedEvent struct {
+	idp.AppleIDPChangedEvent
+}
+
+func NewAppleIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.AppleIDPChanges,
+) (*AppleIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewAppleIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			AppleIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &AppleIDPChangedEvent{AppleIDPChangedEvent: *changedEvent}, nil
+}
+
+func AppleIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.AppleIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AppleIDPChangedEvent{AppleIDPChangedEvent: *e.(*idp.AppleIDPChangedEvent)}, nil
+}
+
 type IDPRemovedEvent struct {
 	idp.RemovedEvent
 }
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -101,6 +101,8 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, GoogleIDPChangedEventType, GoogleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPAddedEventType, LDAPIDPAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, LDAPIDPChangedEventType, LDAPIDPChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, AppleIDPAddedEventType, AppleIDPAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, AppleIDPChangedEventType, AppleIDPChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, IDPRemovedEventType, IDPRemovedEventMapper).
 		RegisterFilterEventMapper(AggregateType, TriggerActionsSetEventType, TriggerActionsSetEventMapper).
 		RegisterFilterEventMapper(AggregateType, TriggerActionsCascadeRemovedEventType, TriggerActionsCascadeRemovedEventMapper).
--- a/internal/repository/org/idp.go
+++ b/internal/repository/org/idp.go
@@ -33,6 +33,8 @@ const (
 	GoogleIDPChangedEventType           eventstore.EventType = "org.idp.google.changed"
 	LDAPIDPAddedEventType               eventstore.EventType = "org.idp.ldap.added"
 	LDAPIDPChangedEventType             eventstore.EventType = "org.idp.ldap.changed"
+	AppleIDPAddedEventType              eventstore.EventType = "org.idp.apple.added"
+	AppleIDPChangedEventType            eventstore.EventType = "org.idp.apple.changed"
 	IDPRemovedEventType                 eventstore.EventType = "org.idp.removed"
 )

@@ -920,6 +922,86 @@ func LDAPIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error
 	return &LDAPIDPChangedEvent{LDAPIDPChangedEvent: *e.(*idp.LDAPIDPChangedEvent)}, nil
 }

+type AppleIDPAddedEvent struct {
+	idp.AppleIDPAddedEvent
+}
+
+func NewAppleIDPAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id,
+	name,
+	clientID,
+	teamID,
+	keyID string,
+	privateKey *crypto.CryptoValue,
+	scopes []string,
+	options idp.Options,
+) *AppleIDPAddedEvent {
+
+	return &AppleIDPAddedEvent{
+		AppleIDPAddedEvent: *idp.NewAppleIDPAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				AppleIDPAddedEventType,
+			),
+			id,
+			name,
+			clientID,
+			teamID,
+			keyID,
+			privateKey,
+			scopes,
+			options,
+		),
+	}
+}
+
+func AppleIDPAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.AppleIDPAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AppleIDPAddedEvent{AppleIDPAddedEvent: *e.(*idp.AppleIDPAddedEvent)}, nil
+}
+
+type AppleIDPChangedEvent struct {
+	idp.AppleIDPChangedEvent
+}
+
+func NewAppleIDPChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	id string,
+	changes []idp.AppleIDPChanges,
+) (*AppleIDPChangedEvent, error) {
+
+	changedEvent, err := idp.NewAppleIDPChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			AppleIDPChangedEventType,
+		),
+		id,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &AppleIDPChangedEvent{AppleIDPChangedEvent: *changedEvent}, nil
+}
+
+func AppleIDPChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := idp.AppleIDPChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &AppleIDPChangedEvent{AppleIDPChangedEvent: *e.(*idp.AppleIDPChangedEvent)}, nil
+}
+
 type IDPRemovedEvent struct {
 	idp.RemovedEvent
 }