mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-28 18:47:46 +00:00
15fd3045e0
* feat: first implementation for saml sp * fix: add command side instance and org for saml provider * fix: add query side instance and org for saml provider * fix: request handling in event and retrieval of finished intent * fix: add review changes and integration tests * fix: add integration tests for saml idp * fix: correct unit tests with review changes * fix: add saml session unit test * fix: add saml session unit test * fix: add saml session unit test * fix: changes from review * fix: changes from review * fix: proto build error * fix: proto build error * fix: proto build error * fix: proto require metadata oneof * fix: login with saml provider * fix: integration test for saml assertion * lint client.go * fix json tag * fix: linting * fix import * fix: linting * fix saml idp query * fix: linting * lint: try all issues * revert linting config * fix: add regenerate endpoints * fix: translations * fix mk.yaml * ignore acs path for user agent cookie * fix: add AuthFromProvider test for saml * fix: integration test for saml retrieve information --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
124 lines
2.6 KiB
Go
124 lines
2.6 KiB
Go
package oidc
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"github.com/zitadel/oidc/v2/pkg/client/rp"
|
|
"github.com/zitadel/oidc/v2/pkg/oidc"
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/idp"
|
|
)
|
|
|
|
var ErrCodeMissing = errors.New("no auth code provided")
|
|
|
|
var _ idp.Session = (*Session)(nil)
|
|
|
|
// Session is the [idp.Session] implementation for the OIDC provider.
|
|
type Session struct {
|
|
Provider *Provider
|
|
AuthURL string
|
|
Code string
|
|
Tokens *oidc.Tokens[*oidc.IDTokenClaims]
|
|
}
|
|
|
|
// GetAuth implements the [idp.Session] interface.
|
|
func (s *Session) GetAuth(ctx context.Context) (string, bool) {
|
|
return idp.Redirect(s.AuthURL)
|
|
}
|
|
|
|
// FetchUser implements the [idp.Session] interface.
|
|
// It will execute an OIDC code exchange if needed to retrieve the tokens,
|
|
// call the userinfo endpoint and map the received information into an [idp.User].
|
|
func (s *Session) FetchUser(ctx context.Context) (user idp.User, err error) {
|
|
if s.Tokens == nil {
|
|
if err = s.Authorize(ctx); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
info, err := rp.Userinfo(
|
|
s.Tokens.AccessToken,
|
|
s.Tokens.TokenType,
|
|
s.Tokens.IDTokenClaims.GetSubject(),
|
|
s.Provider.RelyingParty,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if s.Provider.useIDToken {
|
|
info = s.Tokens.IDTokenClaims.GetUserInfo()
|
|
}
|
|
u := s.Provider.userInfoMapper(info)
|
|
return u, nil
|
|
}
|
|
|
|
func (s *Session) Authorize(ctx context.Context) (err error) {
|
|
if s.Code == "" {
|
|
return ErrCodeMissing
|
|
}
|
|
s.Tokens, err = rp.CodeExchange[*oidc.IDTokenClaims](ctx, s.Code, s.Provider.RelyingParty)
|
|
return err
|
|
}
|
|
|
|
func NewUser(info *oidc.UserInfo) *User {
|
|
return &User{UserInfo: info}
|
|
}
|
|
|
|
type User struct {
|
|
*oidc.UserInfo
|
|
}
|
|
|
|
func (u *User) GetID() string {
|
|
return u.Subject
|
|
}
|
|
|
|
func (u *User) GetFirstName() string {
|
|
return u.GivenName
|
|
}
|
|
|
|
func (u *User) GetLastName() string {
|
|
return u.FamilyName
|
|
}
|
|
|
|
func (u *User) GetDisplayName() string {
|
|
return u.Name
|
|
}
|
|
|
|
func (u *User) GetNickname() string {
|
|
return u.Nickname
|
|
}
|
|
|
|
func (u *User) GetPreferredUsername() string {
|
|
return u.PreferredUsername
|
|
}
|
|
|
|
func (u *User) GetEmail() domain.EmailAddress {
|
|
return domain.EmailAddress(u.UserInfo.Email)
|
|
}
|
|
|
|
func (u *User) IsEmailVerified() bool {
|
|
return bool(u.EmailVerified)
|
|
}
|
|
|
|
func (u *User) GetPhone() domain.PhoneNumber {
|
|
return domain.PhoneNumber(u.PhoneNumber)
|
|
}
|
|
|
|
func (u *User) IsPhoneVerified() bool {
|
|
return u.PhoneNumberVerified
|
|
}
|
|
|
|
func (u *User) GetPreferredLanguage() language.Tag {
|
|
return u.Locale.Tag()
|
|
}
|
|
|
|
func (u *User) GetAvatarURL() string {
|
|
return u.Picture
|
|
}
|
|
|
|
func (u *User) GetProfile() string {
|
|
return u.Profile
|
|
}
|