TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-13 10:07:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(idp): provide auto only options (#8420)

Browse Source 
# Which Problems Are Solved

As of now, **automatic creation** and **automatic linking options** were
only considered if the corresponding **allowed option** (account
creation / linking allowed) was enabled.

With this PR, this is no longer needed and allows administrators to
address cases, where only an **automatic creation** is allowed, but
users themselves should not be allowed to **manually** create new
accounts using an identity provider or edit the information during the
process.
Also, allowing users to only link to the proposed existing account is
now possible with an enabled **automatic linking option**, while
disabling **account linking allowed**.

# How the Problems Are Solved

- Check for **automatic** options without the corresponding **allowed**
option.
- added technical advisory to notify about the possible behavior change

# Additional Changes

- display the error message on the IdP linking step in the login UI (in
case there is one)
- display an error in case no option is possible
- exchanged deprecated `eventstoreExpect` with `expectEventstore` in
touched test files

# Additional Context

closes https://github.com/zitadel/zitadel/issues/7393

---------

Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Livio Spring
2024-08-14 15:04:26 +02:00
committed by GitHub
parent d32e22734f
commit e2e1100124
41 changed files with 776 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
console/src/assets/i18n/en.json
View File

@@ -2066,10 +2066,10 @@
"ISAUTOCREATION_DESC": "If selected, an account will be created if it does not exist yet.",
"ISAUTOUPDATE": "Automatic update",
"ISAUTOUPDATE_DESC": "If selected, accounts are updated on reauthentication.",
"ISCREATIONALLOWED": "Account creation allowed",
"ISCREATIONALLOWED_DESC": "Determines whether accounts can be created.",
"ISLINKINGALLOWED": "Account linking allowed",
"ISLINKINGALLOWED_DESC": "Determines whether an identity can be linked to an existing account.",
"ISCREATIONALLOWED": "Account creation allowed (manually)",
"ISCREATIONALLOWED_DESC": "Determines whether accounts can be created using an external account. Disable if users should not be able to edit account information when auto_creation is enabled.",
"ISLINKINGALLOWED": "Account linking allowed (manually)",
"ISLINKINGALLOWED_DESC": "Determines whether an identity can be manually linked to an existing account. Disable if users should only be allowed to link the proposed account in case of active auto_linking.",
"AUTOLINKING_DESC": "Determines whether an identity will be prompted to be linked to an existing account.",
"AUTOLINKINGTYPE": {
"0": "Disabled",