feat: Extend oidc idp with oauth endpoints (#1980)

* feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests
2025-08-12 00:27:31 +00:00 · 2021-07-06 16:39:48 +02:00
parent 5349d96ce4
commit ff9af1704f
39 changed files with 419 additions and 156 deletions
--- a/internal/api/grpc/management/idp.go
+++ b/internal/api/grpc/management/idp.go
@@ -32,7 +32,7 @@ func (s *Server) AddOrgOIDCIDP(ctx context.Context, req *mgmt_pb.AddOrgOIDCIDPRe
 		return nil, err
 	}
 	return &mgmt_pb.AddOrgOIDCIDPResponse{
-		IdpId: config.AggregateID,
+		IdpId: config.IDPConfigID,
 		Details: object_pb.AddToDetailsPb(
 			config.Sequence,
 			config.ChangeDate,
--- a/internal/api/grpc/management/idp_converter.go
+++ b/internal/api/grpc/management/idp_converter.go
@@ -24,6 +24,8 @@ func addOIDCIDPRequestToDomainOIDCIDPConfig(req *mgmt_pb.AddOrgOIDCIDPRequest) *
 		ClientID:              req.ClientId,
 		ClientSecretString:    req.ClientSecret,
 		Issuer:                req.Issuer,
+		AuthorizationEndpoint: req.AuthorizationEndpoint,
+		TokenEndpoint:         req.TokenEndpoint,
 		Scopes:                req.Scopes,
 		IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
 		UsernameMapping:       idp_grpc.MappingFieldToDomain(req.UsernameMapping),
@@ -44,6 +46,8 @@ func updateOIDCConfigToDomain(req *mgmt_pb.UpdateOrgIDPOIDCConfigRequest) *domai
 		ClientID:              req.ClientId,
 		ClientSecretString:    req.ClientSecret,
 		Issuer:                req.Issuer,
+		AuthorizationEndpoint: req.AuthorizationEndpoint,
+		TokenEndpoint:         req.TokenEndpoint,
 		Scopes:                req.Scopes,
 		IDPDisplayNameMapping: idp_grpc.MappingFieldToDomain(req.DisplayNameMapping),
 		UsernameMapping:       idp_grpc.MappingFieldToDomain(req.UsernameMapping),
--- a/internal/api/grpc/management/idp_converter_test.go
+++ b/internal/api/grpc/management/idp_converter_test.go
@@ -20,14 +20,16 @@ func Test_addOIDCIDPRequestToDomain(t *testing.T) {
 			name: "all fields filled",
 			args: args{
 				req: &mgmt_pb.AddOrgOIDCIDPRequest{
-					Name:               "ZITADEL",
-					StylingType:        idp.IDPStylingType_STYLING_TYPE_GOOGLE,
-					ClientId:           "test1234",
-					ClientSecret:       "test4321",
-					Issuer:             "zitadel.ch",
-					Scopes:             []string{"email", "profile"},
-					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
-					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+					Name:                  "ZITADEL",
+					StylingType:           idp.IDPStylingType_STYLING_TYPE_GOOGLE,
+					ClientId:              "test1234",
+					ClientSecret:          "test4321",
+					Issuer:                "zitadel.ch",
+					AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
+					TokenEndpoint:         "https://api.zitadel.ch/oauth/v2/token",
+					Scopes:                []string{"email", "profile"},
+					DisplayNameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:       idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
 				},
 			},
 		},
@@ -60,12 +62,14 @@ func Test_addOIDCIDPRequestToDomainOIDCIDPConfig(t *testing.T) {
 			name: "all fields filled",
 			args: args{
 				req: &mgmt_pb.AddOrgOIDCIDPRequest{
-					ClientId:           "test1234",
-					ClientSecret:       "test4321",
-					Issuer:             "zitadel.ch",
-					Scopes:             []string{"email", "profile"},
-					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
-					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+					ClientId:              "test1234",
+					ClientSecret:          "test4321",
+					Issuer:                "zitadel.ch",
+					AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
+					TokenEndpoint:         "https://api.zitadel.ch/oauth/v2/token",
+					Scopes:                []string{"email", "profile"},
+					DisplayNameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:       idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
 				},
 			},
 		},
@@ -126,13 +130,15 @@ func Test_updateOIDCConfigToDomain(t *testing.T) {
 			name: "all fields filled",
 			args: args{
 				req: &mgmt_pb.UpdateOrgIDPOIDCConfigRequest{
-					IdpId:              "4208",
-					Issuer:             "zitadel.ch",
-					ClientId:           "ZITEADEL",
-					ClientSecret:       "i'm so secret",
-					Scopes:             []string{"profile"},
-					DisplayNameMapping: idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
-					UsernameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
+					IdpId:                 "4208",
+					Issuer:                "zitadel.ch",
+					AuthorizationEndpoint: "https://accounts.zitadel.ch/oauth/v2/authorize",
+					TokenEndpoint:         "https://api.zitadel.ch/oauth/v2/token",
+					ClientId:              "ZITEADEL",
+					ClientSecret:          "i'm so secret",
+					Scopes:                []string{"profile"},
+					DisplayNameMapping:    idp.OIDCMappingField_OIDC_MAPPING_FIELD_EMAIL,
+					UsernameMapping:       idp.OIDCMappingField_OIDC_MAPPING_FIELD_PREFERRED_USERNAME,
 				},
 			},
 		},