Merge pull request #433 from zitadel/fix-idp-callback

fix(idp): use default org for user creation if no context detected
2025-08-12 19:47:34 +00:00 · 2025-04-24 14:29:48 +02:00
parent 7cfa25e201 b5d42a0ac2
commit ecc9a26e94
11 changed files with 1559 additions and 1742 deletions
--- a/acceptance/oidc/go.mod
+++ b/acceptance/oidc/go.mod
@@ -19,8 +19,8 @@ require (
 	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
-	golang.org/x/crypto v0.32.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
 	golang.org/x/oauth2 v0.28.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/text v0.22.0 // indirect
 )
--- a/acceptance/oidc/go.sum
+++ b/acceptance/oidc/go.sum
@@ -48,15 +48,15 @@ go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2
 go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
 go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
 go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
 golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
 golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
--- a/acceptance/saml/go.mod
+++ b/acceptance/saml/go.mod
@@ -7,7 +7,7 @@ require github.com/crewjam/saml v0.4.14
 require (
 	github.com/beevik/etree v1.5.0 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.1 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/jonboulle/clockwork v0.5.0 // indirect
 	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
--- a/acceptance/saml/go.sum
+++ b/acceptance/saml/go.sum
@@ -7,8 +7,8 @@ github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1n
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
-github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
--- a/apps/login/package.json
+++ b/apps/login/package.json
@@ -48,26 +48,26 @@
    "jose": "^5.3.0",
    "lucide-react": "0.469.0",
    "moment": "^2.29.4",
-    "next": "15.3.1-canary.9",
+    "next": "15.4.0-canary.3",
    "next-intl": "^3.25.1",
    "next-themes": "^0.2.1",
    "nice-grpc": "2.0.1",
    "qrcode.react": "^3.1.0",
-    "react": "19.0.0",
+    "react": "19.1.0",
-    "react-dom": "19.0.0",
+    "react-dom": "19.1.0",
    "react-hook-form": "7.39.5",
    "swr": "^2.2.0",
    "tinycolor2": "1.4.2",
    "uuid": "^11.1.0"
  },
  "devDependencies": {
-    "@bufbuild/buf": "^1.46.0",
+    "@bufbuild/buf": "^1.53.0",
    "@testing-library/jest-dom": "^6.6.3",
-    "@testing-library/react": "^16.0.1",
+    "@testing-library/react": "^16.3.0",
-    "@types/ms": "0.7.34",
+    "@types/ms": "2.1.0",
-    "@types/node": "^20.17.17",
+    "@types/node": "^22.14.1",
-    "@types/react": "19.0.2",
+    "@types/react": "19.1.2",
-    "@types/react-dom": "19.0.2",
+    "@types/react-dom": "19.1.2",
    "@types/tinycolor2": "1.4.3",
    "@types/uuid": "^10.0.0",
    "@vercel/git-hooks": "1.0.0",
@@ -75,22 +75,22 @@
    "@zitadel/prettier-config": "workspace:*",
    "@zitadel/tailwind-config": "workspace:*",
    "@zitadel/tsconfig": "workspace:*",
-    "autoprefixer": "10.4.20",
+    "autoprefixer": "10.4.21",
-    "concurrently": "^9.1.0",
+    "concurrently": "^9.1.2",
-    "cypress": "^13.15.2",
+    "cypress": "^14.3.2",
    "del-cli": "6.0.0",
    "env-cmd": "^10.0.0",
-    "grpc-tools": "1.12.4",
+    "grpc-tools": "1.13.0",
-    "jsdom": "^25.0.1",
+    "jsdom": "^26.1.0",
-    "lint-staged": "15.2.10",
+    "lint-staged": "15.5.1",
    "make-dir-cli": "4.0.0",
-    "nodemon": "^3.1.7",
+    "nodemon": "^3.1.9",
-    "postcss": "8.4.49",
+    "postcss": "8.5.3",
-    "prettier-plugin-tailwindcss": "0.6.8",
+    "prettier-plugin-tailwindcss": "0.6.11",
-    "sass": "^1.80.7",
+    "sass": "^1.87.0",
-    "start-server-and-test": "^2.0.8",
+    "start-server-and-test": "^2.0.11",
    "tailwindcss": "3.4.14",
-    "ts-proto": "^2.2.7",
+    "ts-proto": "^2.7.0",
-    "typescript": "^5.6.3"
+    "typescript": "^5.8.3"
  }
 }
--- a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
+++ b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx
@@ -4,7 +4,6 @@ import { linkingFailed } from "@/components/idps/pages/linking-failed";
 import { linkingSuccess } from "@/components/idps/pages/linking-success";
 import { loginFailed } from "@/components/idps/pages/login-failed";
 import { loginSuccess } from "@/components/idps/pages/login-success";
 import { idpTypeToIdentityProviderType } from "@/lib/idp";
 import { getServiceUrlFromHeaders } from "@/lib/service";
 import {
  addHuman,
@@ -19,7 +18,10 @@ import {
 import { create } from "@zitadel/client";
 import { AutoLinkingOption } from "@zitadel/proto/zitadel/idp/v2/idp_pb";
 import { OrganizationSchema } from "@zitadel/proto/zitadel/object/v2/object_pb";
-import { AddHumanUserRequestSchema } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+import {
  AddHumanUserRequest,
  AddHumanUserRequestSchema,
 } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { getLocale, getTranslations } from "next-intl/server";
 import { headers } from "next/headers";
@@ -83,8 +85,6 @@ export default async function Page(props: {
    throw new Error("IDP not found");
  }
  const providerType = idpTypeToIdentityProviderType(idp.type);
  if (link) {
    if (!options?.isLinkingAllowed) {
      // linking was probably disallowed since the invitation was created
@@ -205,15 +205,23 @@ export default async function Page(props: {
      }
    }
-    if (addHumanUser && orgToRegisterOn) {
+    if (addHumanUser) {
-      const organizationSchema = create(OrganizationSchema, {
+      let addHumanUserWithOrganization: AddHumanUserRequest;
-        org: { case: "orgId", value: orgToRegisterOn },
+      if (orgToRegisterOn) {
-      });
+        const organizationSchema = create(OrganizationSchema, {
          org: { case: "orgId", value: orgToRegisterOn },
        });
-      const addHumanUserWithOrganization = create(AddHumanUserRequestSchema, {
+        addHumanUserWithOrganization = create(AddHumanUserRequestSchema, {
-        ...addHumanUser,
+          ...addHumanUser,
-        organization: organizationSchema,
+          organization: organizationSchema,
-      });
+        });
      } else {
        addHumanUserWithOrganization = create(
          AddHumanUserRequestSchema,
          addHumanUser,
        );
      }
      newUser = await addHuman({
        serviceUrl,
--- a/apps/login/src/app/(login)/mfa/set/page.tsx
+++ b/apps/login/src/app/(login)/mfa/set/page.tsx
@@ -68,6 +68,7 @@ export default async function Page(props: {
          user.user?.type.case === "human" ? user.user?.type.value : undefined;
        return {
          id: session.id,
          factors: session?.factors,
          authMethods: methods.authMethodTypes ?? [],
          phoneVerified: humanUser?.phone?.isVerified ?? false,
@@ -142,7 +143,7 @@ export default async function Page(props: {
            <ChooseSecondFactorToSetup
              userId={sessionWithData.factors?.user?.id}
              loginName={loginName}
-              sessionId={sessionId}
+              sessionId={sessionWithData.id}
              requestId={requestId}
              organization={organization}
              loginSettings={loginSettings}
--- a/package.json
+++ b/package.json
@@ -41,22 +41,22 @@
    "@otplib/core": "^12.0.0",
    "@otplib/plugin-thirty-two": "^12.0.0",
    "@otplib/plugin-crypto": "^12.0.0",
-    "@faker-js/faker": "^9.2.0",
+    "@faker-js/faker": "^9.7.0",
-    "@changesets/cli": "^2.27.9",
+    "@changesets/cli": "^2.29.2",
-    "@playwright/test": "^1.48.2",
+    "@playwright/test": "^1.52.0",
-    "@types/node": "^20.17.17",
+    "@types/node": "^22.14.1",
-    "@vitejs/plugin-react": "^4.3.3",
+    "@vitejs/plugin-react": "^4.4.1",
    "@zitadel/prettier-config": "workspace:*",
-    "axios": "^1.8.2",
+    "axios": "^1.8.4",
-    "dotenv": "^16.4.5",
+    "dotenv": "^16.5.0",
    "eslint": "8.57.1",
    "@zitadel/eslint-config": "workspace:*",
-    "prettier": "^3.2.5",
+    "prettier": "^3.5.3",
    "prettier-plugin-organize-imports": "^4.1.0",
-    "tsup": "^8.3.5",
+    "tsup": "^8.4.0",
-    "turbo": "2.2.3",
+    "turbo": "2.5.0",
-    "typescript": "^5.6.3",
+    "typescript": "^5.8.3",
-    "vite-tsconfig-paths": "^5.1.2",
+    "vite-tsconfig-paths": "^5.1.4",
-    "vitest": "^2.1.4"
+    "vitest": "^3.1.2"
  }
 }
--- a/packages/zitadel-proto/package.json
+++ b/packages/zitadel-proto/package.json
@@ -21,6 +21,6 @@
    "@bufbuild/protobuf": "^2.2.2"
  },
  "devDependencies": {
-    "@bufbuild/buf": "^1.47.2"
+    "@bufbuild/buf": "^1.53.0"
  }
 }
--- a/packages/zitadel-tailwind-config/package.json
+++ b/packages/zitadel-tailwind-config/package.json
@@ -6,7 +6,7 @@
  },
  "main": "index.js",
  "devDependencies": {
-    "tailwindcss": "^3.4.14",
+    "tailwindcss": "^4.1.4",
    "@tailwindcss/forms": "0.5.3"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml