fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)

This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2025-08-12 03:37:34 +00:00 · 2023-07-12 14:24:01 +02:00
parent a3a1e245ad
commit ee26f99ebf
15 changed files with 156 additions and 174 deletions
--- a/internal/api/oidc/auth_request_converter.go
+++ b/internal/api/oidc/auth_request_converter.go
@@ -12,7 +12,6 @@ import (

 	"github.com/zitadel/zitadel/internal/api/authz"
 	http_utils "github.com/zitadel/zitadel/internal/api/http"
-	"github.com/zitadel/zitadel/internal/api/oidc/amr"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/user/model"
@@ -34,10 +33,10 @@ func (a *AuthRequest) GetACR() string {
 func (a *AuthRequest) GetAMR() []string {
 	list := make([]string, 0)
 	if a.PasswordVerified {
-		list = append(list, amr.Password, amr.PWD)
+		list = append(list, Password, PWD)
 	}
 	if len(a.MFAsVerified) > 0 {
-		list = append(list, amr.MFA)
+		list = append(list, MFA)
 		for _, mfa := range a.MFAsVerified {
 			if amrMFA := AMRFromMFAType(mfa); amrMFA != "" {
 				list = append(list, amrMFA)
@@ -263,10 +262,10 @@ func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChalleng
 func AMRFromMFAType(mfaType domain.MFAType) string {
 	switch mfaType {
 	case domain.MFATypeOTP:
-		return amr.OTP
+		return OTP
 	case domain.MFATypeU2F,
 		domain.MFATypeU2FUserVerification:
-		return amr.UserPresence
+		return UserPresence
 	default:
 		return ""
 	}