fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)

This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2025-08-11 21:07:31 +00:00 · 2023-07-12 14:24:01 +02:00
parent a3a1e245ad
commit ee26f99ebf
15 changed files with 156 additions and 174 deletions
--- a/internal/api/oidc/amr_test.go
+++ b/internal/api/oidc/amr_test.go
@@ -0,0 +1,69 @@
+package oidc
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func TestAMR(t *testing.T) {
+	type args struct {
+		methodTypes []domain.UserAuthMethodType
+	}
+	tests := []struct {
+		name string
+		args args
+		want []string
+	}{
+		{
+			"no checks, empty",
+			args{
+				nil,
+			},
+			[]string{},
+		},
+		{
+			"pw checked",
+			args{
+				[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
+			},
+			[]string{PWD},
+		},
+		{
+			"passkey checked",
+			args{
+				[]domain.UserAuthMethodType{domain.UserAuthMethodTypePasswordless},
+			},
+			[]string{UserPresence, MFA},
+		},
+		{
+			"u2f checked",
+			args{
+				[]domain.UserAuthMethodType{domain.UserAuthMethodTypeU2F},
+			},
+			[]string{UserPresence},
+		},
+		{
+			"otp checked",
+			args{
+				[]domain.UserAuthMethodType{domain.UserAuthMethodTypeOTP},
+			},
+			[]string{OTP},
+		},
+		{
+			"multiple checked",
+			args{
+				[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword, domain.UserAuthMethodTypeU2F},
+			},
+			[]string{PWD, UserPresence, MFA},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := AuthMethodTypesToAMR(tt.args.methodTypes)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}