fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)

This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2025-08-11 20:27:32 +00:00 · 2023-07-12 14:24:01 +02:00
parent a3a1e245ad
commit ee26f99ebf
15 changed files with 156 additions and 174 deletions
--- a/internal/command/auth_request_test.go
+++ b/internal/command/auth_request_test.go
@@ -10,7 +10,6 @@ import (
 	"github.com/stretchr/testify/require"

 	"github.com/zitadel/zitadel/internal/api/authz"
-	"github.com/zitadel/zitadel/internal/api/oidc/amr"
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -463,7 +462,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 								"sessionID",
 								"userID",
 								testNow,
-								[]string{amr.PWD},
+								[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 							),
 						)}),
 				),
@@ -492,9 +491,9 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 						Audience:     []string{"audience"},
 						ResponseType: domain.OIDCResponseTypeCode,
 					},
-					SessionID: "sessionID",
-					UserID:    "userID",
-					AMR:       []string{amr.PWD},
+					SessionID:   "sessionID",
+					UserID:      "userID",
+					AuthMethods: []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 				},
 			},
 		},
@@ -542,7 +541,7 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 								"sessionID",
 								"userID",
 								testNow,
-								[]string{amr.PWD},
+								[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 							),
 						)}),
 				),
@@ -572,9 +571,9 @@ func TestCommands_LinkSessionToAuthRequest(t *testing.T) {
 						Audience:     []string{"audience"},
 						ResponseType: domain.OIDCResponseTypeCode,
 					},
-					SessionID: "sessionID",
-					UserID:    "userID",
-					AMR:       []string{amr.PWD},
+					SessionID:   "sessionID",
+					UserID:      "userID",
+					AuthMethods: []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 				},
 			},
 		},
@@ -798,7 +797,7 @@ func TestCommands_AddAuthRequestCode(t *testing.T) {
 								"sessionID",
 								"userID",
 								testNow,
-								[]string{amr.PWD},
+								[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 							),
 						),
 					),
@@ -930,7 +929,7 @@ func TestCommands_ExchangeAuthCode(t *testing.T) {
 								"sessionID",
 								"userID",
 								testNow,
-								[]string{amr.PWD},
+								[]domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 							),
 						),
 						eventFromEventPusher(
@@ -972,9 +971,9 @@ func TestCommands_ExchangeAuthCode(t *testing.T) {
 						LoginHint:  gu.Ptr("loginHint"),
 						HintUserID: gu.Ptr("hintUserID"),
 					},
-					SessionID: "sessionID",
-					UserID:    "userID",
-					AMR:       []string{"pwd"},
+					SessionID:   "sessionID",
+					UserID:      "userID",
+					AuthMethods: []domain.UserAuthMethodType{domain.UserAuthMethodTypePassword},
 				},
 			},
 		},