mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 03:37:34 +00:00
feat: Extend oidc idp with oauth endpoints (#1980)
* feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests
This commit is contained in:
Fabi
@@ -33,7 +33,7 @@ func (s *Server) AddOIDCIDP(ctx context.Context, req *admin_pb.AddOIDCIDPRequest
|
||||
return nil, err
|
||||
}
|
||||
return &admin_pb.AddOIDCIDPResponse{
|
||||
IdpId: config.AggregateID,
|
||||
IdpId: config.IDPConfigID,
|
||||
Details: object_pb.AddToDetailsPb(
|
||||
config.Sequence,
|
||||
config.ChangeDate,
|
||||
|
||||
@@ -24,6 +24,8 @@ func addOIDCIDPRequestToDomainOIDCIDPConfig(req *admin_pb.AddOIDCIDPRequest) *do
|
||||
ClientID: req.ClientId,
|
||||
ClientSecretString: req.ClientSecret,
|
||||
Issuer: req.Issuer,
|
||||
AuthorizationEndpoint: req.AuthorizationEndpoint,
|
||||
TokenEndpoint: req.TokenEndpoint,
|
||||
Scopes: req.Scopes,
|
||||
IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
|
||||
UsernameMapping: idp_grpc.MappingFieldToDomain(req.UsernameMapping),
|
||||
@@ -44,6 +46,8 @@ func updateOIDCConfigToDomain(req *admin_pb.UpdateIDPOIDCConfigRequest) *domain.
|
||||
ClientID: req.ClientId,
|
||||
ClientSecretString: req.ClientSecret,
|
||||
Issuer: req.Issuer,
|
||||
AuthorizationEndpoint: req.AuthorizationEndpoint,
|
||||
TokenEndpoint: req.TokenEndpoint,
|
||||
Scopes: req.Scopes,
|
||||
IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
|
||||
UsernameMapping: idp_grpc.MappingFieldToDomain(req.UsernameMapping),
|
||||
|
||||
@@ -20,14 +20,16 @@ func Test_addOIDCIDPRequestToDomain(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &admin_pb.AddOIDCIDPRequest{
|
||||
Name: "ZITADEL",
|
||||
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
Name: "ZITADEL",
|
||||
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -60,12 +62,14 @@ func Test_addOIDCIDPRequestToDomainOIDCIDPConfig(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &admin_pb.AddOIDCIDPRequest{
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -126,13 +130,15 @@ func Test_updateOIDCConfigToDomain(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &admin_pb.UpdateIDPOIDCConfigRequest{
|
||||
IdpId: "4208",
|
||||
Issuer: "zitadel.ch",
|
||||
ClientId: "ZITEADEL",
|
||||
ClientSecret: "i'm so secret",
|
||||
Scopes: []string{"profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
IdpId: "4208",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
ClientId: "ZITEADEL",
|
||||
ClientSecret: "i'm so secret",
|
||||
Scopes: []string{"profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
@@ -133,11 +133,13 @@ func IDPStylingTypeToPb(stylingType domain.IDPConfigStylingType) idp_pb.IDPStyli
|
||||
func ModelIDPViewToConfigPb(config *iam_model.IDPConfigView) *idp_pb.IDP_OidcConfig {
|
||||
return &idp_pb.IDP_OidcConfig{
|
||||
OidcConfig: &idp_pb.OIDCConfig{
|
||||
ClientId: config.OIDCClientID,
|
||||
Issuer: config.OIDCIssuer,
|
||||
Scopes: config.OIDCScopes,
|
||||
DisplayNameMapping: ModelMappingFieldToPb(config.OIDCIDPDisplayNameMapping),
|
||||
UsernameMapping: ModelMappingFieldToPb(config.OIDCUsernameMapping),
|
||||
ClientId: config.OIDCClientID,
|
||||
Issuer: config.OIDCIssuer,
|
||||
Scopes: config.OIDCScopes,
|
||||
DisplayNameMapping: ModelMappingFieldToPb(config.OIDCIDPDisplayNameMapping),
|
||||
UsernameMapping: ModelMappingFieldToPb(config.OIDCUsernameMapping),
|
||||
AuthorizationEndpoint: config.OAuthAuthorizationEndpoint,
|
||||
TokenEndpoint: config.OAuthTokenEndpoint,
|
||||
},
|
||||
}
|
||||
}
|
||||
@@ -145,23 +147,13 @@ func ModelIDPViewToConfigPb(config *iam_model.IDPConfigView) *idp_pb.IDP_OidcCon
|
||||
func IDPViewToConfigPb(config *domain.IDPConfigView) *idp_pb.IDP_OidcConfig {
|
||||
return &idp_pb.IDP_OidcConfig{
|
||||
OidcConfig: &idp_pb.OIDCConfig{
|
||||
ClientId: config.OIDCClientID,
|
||||
Issuer: config.OIDCIssuer,
|
||||
Scopes: config.OIDCScopes,
|
||||
DisplayNameMapping: MappingFieldToPb(config.OIDCIDPDisplayNameMapping),
|
||||
UsernameMapping: MappingFieldToPb(config.OIDCUsernameMapping),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func OIDCConfigToPb(config *domain.OIDCIDPConfig) *idp_pb.IDP_OidcConfig {
|
||||
return &idp_pb.IDP_OidcConfig{
|
||||
OidcConfig: &idp_pb.OIDCConfig{
|
||||
ClientId: config.ClientID,
|
||||
Issuer: config.Issuer,
|
||||
Scopes: config.Scopes,
|
||||
DisplayNameMapping: MappingFieldToPb(config.IDPDisplayNameMapping),
|
||||
UsernameMapping: MappingFieldToPb(config.UsernameMapping),
|
||||
ClientId: config.OIDCClientID,
|
||||
Issuer: config.OIDCIssuer,
|
||||
AuthorizationEndpoint: config.OAuthAuthorizationEndpoint,
|
||||
TokenEndpoint: config.OAuthTokenEndpoint,
|
||||
Scopes: config.OIDCScopes,
|
||||
DisplayNameMapping: MappingFieldToPb(config.OIDCIDPDisplayNameMapping),
|
||||
UsernameMapping: MappingFieldToPb(config.OIDCUsernameMapping),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRe
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.AddOrgOIDCIDPResponse{
|
||||
IdpId: config.AggregateID,
|
||||
IdpId: config.IDPConfigID,
|
||||
Details: object_pb.AddToDetailsPb(
|
||||
config.Sequence,
|
||||
config.ChangeDate,
|
||||
|
||||
@@ -24,6 +24,8 @@ func addOIDCIDPRequestToDomainOIDCIDPConfig(req *mgmt_pb.AddOrgOIDCIDPRequest) *
|
||||
ClientID: req.ClientId,
|
||||
ClientSecretString: req.ClientSecret,
|
||||
Issuer: req.Issuer,
|
||||
AuthorizationEndpoint: req.AuthorizationEndpoint,
|
||||
TokenEndpoint: req.TokenEndpoint,
|
||||
Scopes: req.Scopes,
|
||||
IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
|
||||
UsernameMapping: idp_grpc.MappingFieldToDomain(req.UsernameMapping),
|
||||
@@ -44,6 +46,8 @@ func updateOIDCConfigToDomain(req *mgmt_pb.UpdateOrgIDPOIDCConfigRequest) *domai
|
||||
ClientID: req.ClientId,
|
||||
ClientSecretString: req.ClientSecret,
|
||||
Issuer: req.Issuer,
|
||||
AuthorizationEndpoint: req.AuthorizationEndpoint,
|
||||
TokenEndpoint: req.TokenEndpoint,
|
||||
Scopes: req.Scopes,
|
||||
IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
|
||||
UsernameMapping: idp_grpc.MappingFieldToDomain(req.UsernameMapping),
|
||||
|
||||
@@ -20,14 +20,16 @@ func Test_addOIDCIDPRequestToDomain(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &mgmt_pb.AddOrgOIDCIDPRequest{
|
||||
Name: "ZITADEL",
|
||||
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
Name: "ZITADEL",
|
||||
StylingType: idp.IDPStylingType_STYLING_TYPE_GOOGLE,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -60,12 +62,14 @@ func Test_addOIDCIDPRequestToDomainOIDCIDPConfig(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &mgmt_pb.AddOrgOIDCIDPRequest{
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
ClientId: "test1234",
|
||||
ClientSecret: "test4321",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
Scopes: []string{"email", "profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -126,13 +130,15 @@ func Test_updateOIDCConfigToDomain(t *testing.T) {
|
||||
name: "all fields filled",
|
||||
args: args{
|
||||
req: &mgmt_pb.UpdateOrgIDPOIDCConfigRequest{
|
||||
IdpId: "4208",
|
||||
Issuer: "zitadel.ch",
|
||||
ClientId: "ZITEADEL",
|
||||
ClientSecret: "i'm so secret",
|
||||
Scopes: []string{"profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
IdpId: "4208",
|
||||
Issuer: "zitadel.ch",
|
||||
AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
|
||||
TokenEndpoint: "https://api.zitadel.ch/oauth/v2/token",
|
||||
ClientId: "ZITEADEL",
|
||||
ClientSecret: "i'm so secret",
|
||||
Scopes: []string{"profile"},
|
||||
DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
|
||||
UsernameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user