fix: store auth methods instead of AMR in auth request linking and OIDC Session (#6192)

This PR changes the information stored on the SessionLinkedEvent and (OIDC Session) AddedEvent from OIDC AMR strings to domain.UserAuthMethodTypes, so no information is lost in the process (e.g. authentication with an IDP)
2025-08-11 19:07:30 +00:00 · 2023-07-12 14:24:01 +02:00
parent a3a1e245ad
commit ee26f99ebf
15 changed files with 156 additions and 174 deletions
--- a/internal/repository/authrequest/auth_request.go
+++ b/internal/repository/authrequest/auth_request.go
@@ -103,10 +103,10 @@ func AddedEventMapper(event *repository.Event) (eventstore.Event, error) {
 type SessionLinkedEvent struct {
 	eventstore.BaseEvent `json:"-"`

-	SessionID string    `json:"session_id"`
-	UserID    string    `json:"user_id"`
-	AuthTime  time.Time `json:"auth_time"`
-	AMR       []string  `json:"amr"`
+	SessionID   string                      `json:"session_id"`
+	UserID      string                      `json:"user_id"`
+	AuthTime    time.Time                   `json:"auth_time"`
+	AuthMethods []domain.UserAuthMethodType `json:"auth_methods"`
 }

 func (e *SessionLinkedEvent) Data() interface{} {
@@ -122,7 +122,7 @@ func NewSessionLinkedEvent(ctx context.Context,
 	sessionID,
 	userID string,
 	authTime time.Time,
-	amr []string,
+	authMethods []domain.UserAuthMethodType,
 ) *SessionLinkedEvent {
 	return &SessionLinkedEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -130,10 +130,10 @@ func NewSessionLinkedEvent(ctx context.Context,
 			aggregate,
 			SessionLinkedType,
 		),
-		SessionID: sessionID,
-		UserID:    userID,
-		AuthTime:  authTime,
-		AMR:       amr,
+		SessionID:   sessionID,
+		UserID:      userID,
+		AuthTime:    authTime,
+		AuthMethods: authMethods,
 	}
 }

--- a/internal/repository/oidcsession/oidc_session.go
+++ b/internal/repository/oidcsession/oidc_session.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"time"

+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/repository"
@@ -21,13 +22,13 @@ const (
 type AddedEvent struct {
 	eventstore.BaseEvent `json:"-"`

-	UserID                string    `json:"userID"`
-	SessionID             string    `json:"sessionID"`
-	ClientID              string    `json:"clientID"`
-	Audience              []string  `json:"audience"`
-	Scope                 []string  `json:"scope"`
-	AuthMethodsReferences []string  `json:"authMethodsReferences"`
-	AuthTime              time.Time `json:"authTime"`
+	UserID      string                      `json:"userID"`
+	SessionID   string                      `json:"sessionID"`
+	ClientID    string                      `json:"clientID"`
+	Audience    []string                    `json:"audience"`
+	Scope       []string                    `json:"scope"`
+	AuthMethods []domain.UserAuthMethodType `json:"authMethods"`
+	AuthTime    time.Time                   `json:"authTime"`
 }

 func (e *AddedEvent) Data() interface{} {
@@ -45,7 +46,7 @@ func NewAddedEvent(ctx context.Context,
 	clientID string,
 	audience,
 	scope []string,
-	authMethodsReferences []string,
+	authMethods []domain.UserAuthMethodType,
 	authTime time.Time,
 ) *AddedEvent {
 	return &AddedEvent{
@@ -54,13 +55,13 @@ func NewAddedEvent(ctx context.Context,
 			aggregate,
 			AddedType,
 		),
-		UserID:                userID,
-		SessionID:             sessionID,
-		ClientID:              clientID,
-		Audience:              audience,
-		Scope:                 scope,
-		AuthMethodsReferences: authMethodsReferences,
-		AuthTime:              authTime,
+		UserID:      userID,
+		SessionID:   sessionID,
+		ClientID:    clientID,
+		Audience:    audience,
+		Scope:       scope,
+		AuthMethods: authMethods,
+		AuthTime:    authTime,
 	}
 }