From f12f31f6df6d0491c5eb0ad3a1ecb48d031b8f66 Mon Sep 17 00:00:00 2001
From: Iraq Jaber <iraq+github@zitadel.com>
Date: Wed, 30 Jul 2025 12:57:18 +0100
Subject: [PATCH] fixup! fixup! fixup! fixup! fixup! fixup! fixup! added first
 event

---
 .../events_testing/id_provider_test.go        |  51 +++++++++
 .../projection/idp_template_relational.go     | 107 +++++++++---------
 2 files changed, 106 insertions(+), 52 deletions(-)

diff --git a/backend/v3/storage/database/events_testing/id_provider_test.go b/backend/v3/storage/database/events_testing/id_provider_test.go
index 359ec3c159..aeccccc143 100644
--- a/backend/v3/storage/database/events_testing/id_provider_test.go
+++ b/backend/v3/storage/database/events_testing/id_provider_test.go
@@ -937,4 +937,55 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.WithinRange(t, google.UpdatedAt, beforeCreate, afterCreate)
 		}, retryDuration, tick)
 	})
+
+	t.Run("test instance idp jwt added reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add jwt
+		beforeCreate := time.Now().Add(-1 * time.Second)
+		addJWT, err := AdminClient.AddJWTProvider(CTX, &admin.AddJWTProviderRequest{
+			Name:         name,
+			Issuer:       "issuer",
+			JwtEndpoint:  "jwtEndpoint",
+			KeysEndpoint: "keyEndpoint",
+			HeaderName:   "headerName",
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		// check values for jwt
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			jwt, err := idpRepo.GetJWT(CTX, idpRepo.IDCondition(addJWT.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.jwt.added
+			// idp
+			assert.Equal(t, addJWT.Id, jwt.ID)
+			assert.Equal(t, domain.IDPTypeJWT.String(), jwt.Type)
+
+			// jwt
+			assert.Equal(t, addJWT.Id, jwt.ID)
+			assert.Equal(t, "jwtEndpoint", jwt.JWTEndpoint)
+			assert.Equal(t, "issuer", jwt.Issuer)
+			assert.Equal(t, "keyEndpoint", jwt.KeysEndpoint)
+			assert.Equal(t, "headerName", jwt.HeaderName)
+
+			assert.Equal(t, false, jwt.AllowLinking)
+			assert.Equal(t, false, jwt.AllowCreation)
+			assert.Equal(t, false, jwt.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), jwt.AllowAutoLinking)
+			assert.WithinRange(t, jwt.CreatedAt, beforeCreate, afterCreate)
+			assert.WithinRange(t, jwt.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
 }
diff --git a/internal/query/projection/idp_template_relational.go b/internal/query/projection/idp_template_relational.go
index 3aca34b6d3..7069e3a486 100644
--- a/internal/query/projection/idp_template_relational.go
+++ b/internal/query/projection/idp_template_relational.go
@@ -70,10 +70,10 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer
 					Event:  instance.OIDCIDPMigratedGoogleEventType,
 					Reduce: p.reduceOIDCIDPRelationalMigratedGoogle,
 				},
-				// 		{
-				// 			Event:  instance.JWTIDPAddedEventType,
-				// 			Reduce: p.reduceJWTIDPAdded,
-				// 		},
+				{
+					Event:  instance.JWTIDPAddedEventType,
+					Reduce: p.reduceJWTIDPReducedAdded,
+				},
 				// 		{
 				// 			Event:  instance.JWTIDPChangedEventType,
 				// 			Reduce: p.reduceJWTIDPChanged,
@@ -349,7 +349,6 @@ func (p *idpTemplateRelationalProjection) reduceOAuthIDPRelationalAdded(event ev
 	// default:
 	// }
 
-	fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> AZURE")
 	e, ok := event.(*instance.OAuthIDPAddedEvent)
 	if !ok {
 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.OAuthIDPAddedEventType, instance.OAuthIDPAddedEventType})
@@ -647,54 +646,58 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedGoogle(
 	), nil
 }
 
-// func (p *idpTemplateProjection) reduceJWTIDPAdded(event eventstore.Event) (*handler.Statement, error) {
-// 	var idpEvent idp.JWTIDPAddedEvent
-// 	var idpOwnerType domain.IdentityProviderType
-// 	switch e := event.(type) {
-// 	case *org.JWTIDPAddedEvent:
-// 		idpEvent = e.JWTIDPAddedEvent
-// 		idpOwnerType = domain.IdentityProviderTypeOrg
-// 	case *instance.JWTIDPAddedEvent:
-// 		idpEvent = e.JWTIDPAddedEvent
-// 		idpOwnerType = domain.IdentityProviderTypeSystem
-// 	default:
-// 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xopi2s", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPAddedEventType, instance.JWTIDPAddedEventType})
-// 	}
+func (p *idpTemplateRelationalProjection) reduceJWTIDPReducedAdded(event eventstore.Event) (*handler.Statement, error) {
+	// var e idp.JWTIDPAddedEvent
+	// var idpOwnerType domain.IdentityProviderType
+	// switch e := event.(type) {
+	// case *org.JWTIDPAddedEvent:
+	// 	idpEvent = e.JWTIDPAddedEvent
+	// 	idpOwnerType = domain.IdentityProviderTypeOrg
+	// case *instance.JWTIDPAddedEvent:
+	// 	idpEvent = e.JWTIDPAddedEvent
+	// 	idpOwnerType = domain.IdentityProviderTypeSystem
+	// default:
+	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xopi2s", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPAddedEventType, instance.JWTIDPAddedEventType})
+	// }
 
-// 	return handler.NewMultiStatement(
-// 		&idpEvent,
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(IDPTemplateIDCol, idpEvent.ID),
-// 				handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
-// 				handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner),
-// 				handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive),
-// 				handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
-// 				handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType),
-// 				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeJWT),
-// 				handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
-// 				handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
-// 				handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
-// 				handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
-// 				handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption),
-// 			},
-// 		),
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(JWTIDCol, idpEvent.ID),
-// 				handler.NewCol(JWTInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(JWTIssuerCol, idpEvent.Issuer),
-// 				handler.NewCol(JWTEndpointCol, idpEvent.JWTEndpoint),
-// 				handler.NewCol(JWTKeysEndpointCol, idpEvent.KeysEndpoint),
-// 				handler.NewCol(JWTHeaderNameCol, idpEvent.HeaderName),
-// 			},
-// 			handler.WithTableSuffix(IDPTemplateJWTSuffix),
-// 		),
-// 	), nil
-// }
+	fmt.Println("@@ >>>>>>>>>>>>>>>>>>>>>>>>>>>> JWWWWWWT")
+	e, ok := event.(*instance.JWTIDPAddedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-xopi2s", "reduce.wrong.event.type %v", []eventstore.EventType{org.JWTIDPAddedEventType, instance.JWTIDPAddedEventType})
+	}
+
+	jwt := domain.JWT{
+		JWTEndpoint:  e.JWTEndpoint,
+		Issuer:       e.Issuer,
+		KeysEndpoint: e.KeysEndpoint,
+		HeaderName:   e.HeaderName,
+	}
+
+	payload, err := json.Marshal(jwt)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddCreateStatement(
+			[]handler.Column{
+				handler.NewCol(IDPTemplateIDCol, e.ID),
+				handler.NewCol(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive.String()),
+				handler.NewCol(IDPTemplateNameCol, e.Name),
+				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeJWT.String()),
+				handler.NewCol(IDPRelationalAllowCreationCol, e.IsCreationAllowed),
+				handler.NewCol(IDPRelationalAllowLinkingCol, e.IsLinkingAllowed),
+				handler.NewCol(IDPRelationalAllowAutoCreationCol, e.IsAutoCreation),
+				handler.NewCol(IDPRelationalAllowAutoUpdateCol, e.IsAutoUpdate),
+				handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOption(e.AutoLinkingOption).String()),
+				handler.NewCol(IDPRelationalPayloadCol, payload),
+				handler.NewCol(CreatedAt, e.CreationDate()),
+			},
+		),
+	), nil
+}
 
 // func (p *idpTemplateProjection) reduceJWTIDPChanged(event eventstore.Event) (*handler.Statement, error) {
 // 	var idpEvent idp.JWTIDPChangedEvent