mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-07 14:47:42 +00:00
1aa8c49e41
# Which Problems Are Solved Zitadel never stored or returned the requested `response_mode` in oidc Auth Requests. This caused the oidc library to fallback to the default based on the response_type. # How the Problems Are Solved - Store the `response_mode` in the Auth request repo - Store the `response_mode` in the Auth request v2 events - Return the `resonse_mode` from the Auth Request v1 and v2 `ResponseMode()` methods. (Was hard-coded to an empty string) # Additional Changes - Populate the `response_modes_supported` to the oidc Discovery Configuration. When it was empty, the standard specifies the default of `query` and `fragment`. However, our oidc library also supports `form_post` and by this fix, zitadel now also supports this. # Additional Context - Closes #6586 - Reported https://discord.com/channels/927474939156643850/1151508313717084220 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
292 lines
7.3 KiB
Go
292 lines
7.3 KiB
Go
package authrequest
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
const (
|
|
authRequestEventPrefix = "auth_request."
|
|
AddedType = authRequestEventPrefix + "added"
|
|
FailedType = authRequestEventPrefix + "failed"
|
|
CodeAddedType = authRequestEventPrefix + "code.added"
|
|
SessionLinkedType = authRequestEventPrefix + "session.linked"
|
|
CodeExchangedType = authRequestEventPrefix + "code.exchanged"
|
|
SucceededType = authRequestEventPrefix + "succeeded"
|
|
)
|
|
|
|
type AddedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
LoginClient string `json:"login_client"`
|
|
ClientID string `json:"client_id"`
|
|
RedirectURI string `json:"redirect_uri"`
|
|
State string `json:"state,omitempty"`
|
|
Nonce string `json:"nonce,omitempty"`
|
|
Scope []string `json:"scope,omitempty"`
|
|
Audience []string `json:"audience,omitempty"`
|
|
ResponseType domain.OIDCResponseType `json:"response_type,omitempty"`
|
|
ResponseMode domain.OIDCResponseMode `json:"response_mode,omitempty"`
|
|
CodeChallenge *domain.OIDCCodeChallenge `json:"code_challenge,omitempty"`
|
|
Prompt []domain.Prompt `json:"prompt,omitempty"`
|
|
UILocales []string `json:"ui_locales,omitempty"`
|
|
MaxAge *time.Duration `json:"max_age,omitempty"`
|
|
LoginHint *string `json:"login_hint,omitempty"`
|
|
HintUserID *string `json:"hint_user_id,omitempty"`
|
|
NeedRefreshToken bool `json:"need_refresh_token,omitempty"`
|
|
}
|
|
|
|
func (e *AddedEvent) Payload() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *AddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewAddedEvent(ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
loginClient,
|
|
clientID,
|
|
redirectURI,
|
|
state,
|
|
nonce string,
|
|
scope,
|
|
audience []string,
|
|
responseType domain.OIDCResponseType,
|
|
responseMode domain.OIDCResponseMode,
|
|
codeChallenge *domain.OIDCCodeChallenge,
|
|
prompt []domain.Prompt,
|
|
uiLocales []string,
|
|
maxAge *time.Duration,
|
|
loginHint,
|
|
hintUserID *string,
|
|
needRefreshToken bool,
|
|
) *AddedEvent {
|
|
return &AddedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
AddedType,
|
|
),
|
|
LoginClient: loginClient,
|
|
ClientID: clientID,
|
|
RedirectURI: redirectURI,
|
|
State: state,
|
|
Nonce: nonce,
|
|
Scope: scope,
|
|
Audience: audience,
|
|
ResponseType: responseType,
|
|
ResponseMode: responseMode,
|
|
CodeChallenge: codeChallenge,
|
|
Prompt: prompt,
|
|
UILocales: uiLocales,
|
|
MaxAge: maxAge,
|
|
LoginHint: loginHint,
|
|
HintUserID: hintUserID,
|
|
NeedRefreshToken: needRefreshToken,
|
|
}
|
|
}
|
|
|
|
func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
added := &AddedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := event.Unmarshal(added)
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "AUTHR-DG4gn", "unable to unmarshal auth request added")
|
|
}
|
|
|
|
return added, nil
|
|
}
|
|
|
|
type SessionLinkedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
SessionID string `json:"session_id"`
|
|
UserID string `json:"user_id"`
|
|
AuthTime time.Time `json:"auth_time"`
|
|
AuthMethods []domain.UserAuthMethodType `json:"auth_methods"`
|
|
}
|
|
|
|
func (e *SessionLinkedEvent) Payload() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *SessionLinkedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewSessionLinkedEvent(ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
sessionID,
|
|
userID string,
|
|
authTime time.Time,
|
|
authMethods []domain.UserAuthMethodType,
|
|
) *SessionLinkedEvent {
|
|
return &SessionLinkedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
SessionLinkedType,
|
|
),
|
|
SessionID: sessionID,
|
|
UserID: userID,
|
|
AuthTime: authTime,
|
|
AuthMethods: authMethods,
|
|
}
|
|
}
|
|
|
|
func SessionLinkedEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
added := &SessionLinkedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := event.Unmarshal(added)
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked")
|
|
}
|
|
|
|
return added, nil
|
|
}
|
|
|
|
type FailedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
|
|
Reason domain.OIDCErrorReason `json:"reason,omitempty"`
|
|
}
|
|
|
|
func (e *FailedEvent) Payload() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *FailedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewFailedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
reason domain.OIDCErrorReason,
|
|
) *FailedEvent {
|
|
return &FailedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
FailedType,
|
|
),
|
|
Reason: reason,
|
|
}
|
|
}
|
|
|
|
func FailedEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
added := &FailedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := event.Unmarshal(added)
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request session linked")
|
|
}
|
|
|
|
return added, nil
|
|
}
|
|
|
|
type CodeAddedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *CodeAddedEvent) Payload() interface{} {
|
|
return e
|
|
}
|
|
|
|
func (e *CodeAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewCodeAddedEvent(ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *CodeAddedEvent {
|
|
return &CodeAddedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
CodeAddedType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func CodeAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
added := &CodeAddedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}
|
|
err := event.Unmarshal(added)
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "AUTHR-Sfe3w", "unable to unmarshal auth request code added")
|
|
}
|
|
|
|
return added, nil
|
|
}
|
|
|
|
type CodeExchangedEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *CodeExchangedEvent) Payload() interface{} {
|
|
return nil
|
|
}
|
|
|
|
func (e *CodeExchangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewCodeExchangedEvent(ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *CodeExchangedEvent {
|
|
return &CodeExchangedEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
CodeExchangedType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func CodeExchangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
return &CodeExchangedEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}, nil
|
|
}
|
|
|
|
type SucceededEvent struct {
|
|
eventstore.BaseEvent `json:"-"`
|
|
}
|
|
|
|
func (e *SucceededEvent) Payload() interface{} {
|
|
return nil
|
|
}
|
|
|
|
func (e *SucceededEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
|
|
return nil
|
|
}
|
|
|
|
func NewSucceededEvent(ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
) *SucceededEvent {
|
|
return &SucceededEvent{
|
|
BaseEvent: *eventstore.NewBaseEventForPush(
|
|
ctx,
|
|
aggregate,
|
|
SucceededType,
|
|
),
|
|
}
|
|
}
|
|
|
|
func SucceededEventMapper(event eventstore.Event) (eventstore.Event, error) {
|
|
return &SucceededEvent{
|
|
BaseEvent: *eventstore.BaseEventFromRepo(event),
|
|
}, nil
|
|
}
|