feat: Extend oidc idp with oauth endpoints (#1980)

* feat: add oauth attributes to oidc idp configuration * feat: return idpconfig id on create idp * feat: tests * feat: descriptions * feat: docs * feat: tests
2025-10-10 08:37:41 +00:00 · 2021-07-06 16:39:48 +02:00
parent 5349d96ce4
commit ff9af1704f
39 changed files with 419 additions and 156 deletions
--- a/internal/ui/login/handler/external_login_handler.go
+++ b/internal/ui/login/handler/external_login_handler.go
@@ -3,6 +3,8 @@ package handler
 import (
 	"github.com/caos/oidc/pkg/client/rp"
 	"github.com/caos/oidc/pkg/oidc"
+	"golang.org/x/oauth2"
+
 	http_mw "github.com/caos/zitadel/internal/api/http/middleware"
 	"github.com/caos/zitadel/internal/crypto"
 	"github.com/caos/zitadel/internal/domain"
@@ -119,7 +121,29 @@ func (l *Login) getRPConfig(w http.ResponseWriter, r *http.Request, authReq *dom
 		l.renderError(w, r, authReq, err)
 		return nil
 	}
-	provider, err := rp.NewRelyingPartyOIDC(idpConfig.OIDCIssuer, idpConfig.OIDCClientID, oidcClientSecret, l.baseURL+callbackEndpoint, idpConfig.OIDCScopes, rp.WithVerifierOpts(rp.WithIssuedAtOffset(3*time.Second)))
+	if idpConfig.OIDCIssuer != "" {
+		provider, err := rp.NewRelyingPartyOIDC(idpConfig.OIDCIssuer, idpConfig.OIDCClientID, oidcClientSecret, l.baseURL+callbackEndpoint, idpConfig.OIDCScopes, rp.WithVerifierOpts(rp.WithIssuedAtOffset(3*time.Second)))
+		if err != nil {
+			l.renderError(w, r, authReq, err)
+			return nil
+		}
+		return provider
+	}
+	if idpConfig.OAuthAuthorizationEndpoint == "" || idpConfig.OAuthTokenEndpoint == "" {
+		l.renderError(w, r, authReq, caos_errors.ThrowPreconditionFailed(nil, "RP-4n0fs", "Errors.IdentityProvider.InvalidConfig"))
+		return nil
+	}
+	oauth2Config := &oauth2.Config{
+		ClientID:     idpConfig.OIDCClientID,
+		ClientSecret: oidcClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  idpConfig.OAuthAuthorizationEndpoint,
+			TokenURL: idpConfig.OAuthTokenEndpoint,
+		},
+		RedirectURL: l.baseURL + callbackEndpoint,
+		Scopes:      idpConfig.OIDCScopes,
+	}
+	provider, err := rp.NewRelyingPartyOAuth(oauth2Config, rp.WithVerifierOpts(rp.WithIssuedAtOffset(3*time.Second)))
 	if err != nil {
 		l.renderError(w, r, authReq, err)
 		return nil
--- a/internal/ui/login/static/i18n/de.yaml
+++ b/internal/ui/login/static/i18n/de.yaml
@@ -296,5 +296,7 @@ Errors:
      IDPTypeNotImplemented: IDP Typ ist nicht implementiert
      NotAllowed: Externer Login Provider ist nicht erlaubt
    GrantRequired: Der Login an diese Applikation ist nicht möglich. Der Benutzer benötigt mindestens eine Berechtigung an der Applikation. Bitte melde dich bei deinem Administrator.
+  IdentityProvider:
+    InvalidConfig: Identitäts Provider Konfiguration ist ungültig

 optional: (optional)
--- a/internal/ui/login/static/i18n/en.yaml
+++ b/internal/ui/login/static/i18n/en.yaml
@@ -295,6 +295,7 @@ Errors:
      IDPTypeNotImplemented: IDP Type is not implemented
      NotAllowed: External Login Provider not allowed
    GrantRequired: Login not possible. The user is required to have at least one grant on the application. Please contact your administrator.
-
+  IdentityProvider:
+    InvalidConfig: Identity Provider configuration is invalid

 optional: (optional)