fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)

This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)

internal/command/session_model.go

@@ -52,24 +52,6 @@ type SessionWriteModel struct {
 	aggregate *eventstore.Aggregate
 }
 
-func (wm *SessionWriteModel) IsPasswordChecked() bool {
-	return !wm.PasswordCheckedAt.IsZero()
-}
-
-func (wm *SessionWriteModel) IsPasskeyChecked() bool {
-	return !wm.PasskeyCheckedAt.IsZero()
-}
-
-func (wm *SessionWriteModel) IsU2FChecked() bool {
-	// TODO: implement with https://github.com/zitadel/zitadel/issues/5477
-	return false
-}
-
-func (wm *SessionWriteModel) IsOTPChecked() bool {
-	// TODO: implement with https://github.com/zitadel/zitadel/issues/5477
-	return false
-}
-
 func NewSessionWriteModel(sessionID string, resourceOwner string) *SessionWriteModel {
 	return &SessionWriteModel{
 		WriteModel: eventstore.WriteModel{
@@ -244,3 +226,27 @@ func (wm *SessionWriteModel) AuthenticationTime() time.Time {
 	}
 	return authTime
 }
+
+// AuthMethodTypes returns a list of UserAuthMethodTypes based on succeeded checks
+func (wm *SessionWriteModel) AuthMethodTypes() []domain.UserAuthMethodType {
+	types := make([]domain.UserAuthMethodType, 0, domain.UserAuthMethodTypeIDP)
+	if !wm.PasswordCheckedAt.IsZero() {
+		types = append(types, domain.UserAuthMethodTypePassword)
+	}
+	if !wm.PasskeyCheckedAt.IsZero() {
+		types = append(types, domain.UserAuthMethodTypePasswordless)
+	}
+	if !wm.IntentCheckedAt.IsZero() {
+		types = append(types, domain.UserAuthMethodTypeIDP)
+	}
+	// TODO: add checks with https://github.com/zitadel/zitadel/issues/5477
+	/*
+		if !wm.TOTPCheckedAt.IsZero() {
+			types = append(types, domain.UserAuthMethodTypeOTP)
+		}
+		if !wm.U2FCheckedAt.IsZero() {
+			types = append(types, domain.UserAuthMethodTypeU2F)
+		}
+	*/
+	return types
+}