mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 22:47:35 +00:00
1b2fd23e0b
# Which Problems Are Solved When retrieving the information of an IdP intent, depending on the IdP type (e.g. Apple), there was issue when mapping the stored (event) information back to the specific IdP type, potentially leading to a panic. # How the Problems Are Solved - Correctly initialize the user struct to map the information to. # Additional Changes none # Additional Context - reported by a support request - needs backport to 3.x and 2.x
75 lines
2.1 KiB
Go
75 lines
2.1 KiB
Go
package apple
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
|
|
openid "github.com/zitadel/oidc/v3/pkg/oidc"
|
|
|
|
"github.com/zitadel/zitadel/internal/idp"
|
|
"github.com/zitadel/zitadel/internal/idp/providers/oidc"
|
|
)
|
|
|
|
var _ idp.Session = (*Session)(nil)
|
|
|
|
// Session extends the [oidc.Session] with the formValues returned from the callback.
|
|
// This enables to parse the user (name and email), which Apple only returns as form params on registration
|
|
type Session struct {
|
|
*oidc.Session
|
|
UserFormValue string
|
|
}
|
|
|
|
func NewSession(provider *Provider, code, userFormValue string) *Session {
|
|
return &Session{Session: oidc.NewSession(provider.Provider, code, nil), UserFormValue: userFormValue}
|
|
}
|
|
|
|
type userFormValue struct {
|
|
Name userNamesFormValue `json:"name,omitempty" schema:"name"`
|
|
}
|
|
|
|
type userNamesFormValue struct {
|
|
FirstName string `json:"firstName,omitempty" schema:"firstName"`
|
|
LastName string `json:"lastName,omitempty" schema:"lastName"`
|
|
}
|
|
|
|
// FetchUser implements the [idp.Session] interface.
|
|
// It will execute an OIDC code exchange if needed to retrieve the tokens,
|
|
// extract the information from the id_token and if available also from the `user` form value.
|
|
// The information will be mapped into an [idp.User].
|
|
func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
|
|
if s.Tokens == nil {
|
|
if err = s.Authorize(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
info := s.Tokens.IDTokenClaims.GetUserInfo()
|
|
userName := userFormValue{}
|
|
if s.UserFormValue != "" {
|
|
if err = json.Unmarshal([]byte(s.UserFormValue), &userName); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return NewUser(info, userName.Name), nil
|
|
}
|
|
|
|
func NewUser(info *openid.UserInfo, names userNamesFormValue) *User {
|
|
user := oidc.NewUser(info)
|
|
user.GivenName = names.FirstName
|
|
user.FamilyName = names.LastName
|
|
return &User{User: user}
|
|
}
|
|
|
|
func InitUser() idp.User {
|
|
return &User{User: oidc.InitUser()}
|
|
}
|
|
|
|
// User extends the [oidc.User] by returning the email as preferred_username, since Apple does not return the latter.
|
|
type User struct {
|
|
*oidc.User
|
|
}
|
|
|
|
func (u *User) GetPreferredUsername() string {
|
|
return u.Email
|
|
}
|