mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-10 18:43:40 +00:00
2331b8a4c0
* feat: add clock skew * add IDTokenUserinfoAssertion * migration * fix missing converter * update oidc version * fix interface impl
177 lines
6.6 KiB
Go
177 lines
6.6 KiB
Go
package model
|
|
|
|
import (
|
|
"encoding/json"
|
|
"reflect"
|
|
"time"
|
|
|
|
"github.com/caos/logging"
|
|
|
|
"github.com/caos/zitadel/internal/crypto"
|
|
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
|
"github.com/caos/zitadel/internal/project/model"
|
|
)
|
|
|
|
type OIDCConfig struct {
|
|
es_models.ObjectRoot
|
|
Version int32 `json:"oidcVersion,omitempty"`
|
|
AppID string `json:"appId"`
|
|
ClientID string `json:"clientId,omitempty"`
|
|
ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
|
|
RedirectUris []string `json:"redirectUris,omitempty"`
|
|
ResponseTypes []int32 `json:"responseTypes,omitempty"`
|
|
GrantTypes []int32 `json:"grantTypes,omitempty"`
|
|
ApplicationType int32 `json:"applicationType,omitempty"`
|
|
AuthMethodType int32 `json:"authMethodType,omitempty"`
|
|
PostLogoutRedirectUris []string `json:"postLogoutRedirectUris,omitempty"`
|
|
DevMode bool `json:"devMode,omitempty"`
|
|
AccessTokenType int32 `json:"accessTokenType,omitempty"`
|
|
AccessTokenRoleAssertion bool `json:"accessTokenRoleAssertion,omitempty"`
|
|
IDTokenRoleAssertion bool `json:"idTokenRoleAssertion,omitempty"`
|
|
IDTokenUserinfoAssertion bool `json:"idTokenUserinfoAssertion,omitempty"`
|
|
ClockSkew time.Duration `json:"clockSkew,omitempty"`
|
|
}
|
|
|
|
func (c *OIDCConfig) Changes(changed *OIDCConfig) map[string]interface{} {
|
|
changes := make(map[string]interface{}, 1)
|
|
changes["appId"] = c.AppID
|
|
if !reflect.DeepEqual(c.RedirectUris, changed.RedirectUris) {
|
|
changes["redirectUris"] = changed.RedirectUris
|
|
}
|
|
if !reflect.DeepEqual(c.ResponseTypes, changed.ResponseTypes) {
|
|
changes["responseTypes"] = changed.ResponseTypes
|
|
}
|
|
if !reflect.DeepEqual(c.GrantTypes, changed.GrantTypes) {
|
|
changes["grantTypes"] = changed.GrantTypes
|
|
}
|
|
if c.ApplicationType != changed.ApplicationType {
|
|
changes["applicationType"] = changed.ApplicationType
|
|
}
|
|
if c.AuthMethodType != changed.AuthMethodType {
|
|
changes["authMethodType"] = changed.AuthMethodType
|
|
}
|
|
if c.Version != changed.Version {
|
|
changes["oidcVersion"] = changed.Version
|
|
}
|
|
if !reflect.DeepEqual(c.PostLogoutRedirectUris, changed.PostLogoutRedirectUris) {
|
|
changes["postLogoutRedirectUris"] = changed.PostLogoutRedirectUris
|
|
}
|
|
if c.DevMode != changed.DevMode {
|
|
changes["devMode"] = changed.DevMode
|
|
}
|
|
if c.AccessTokenType != changed.AccessTokenType {
|
|
changes["accessTokenType"] = changed.AccessTokenType
|
|
}
|
|
if c.AccessTokenRoleAssertion != changed.AccessTokenRoleAssertion {
|
|
changes["accessTokenRoleAssertion"] = changed.AccessTokenRoleAssertion
|
|
}
|
|
if c.IDTokenRoleAssertion != changed.IDTokenRoleAssertion {
|
|
changes["idTokenRoleAssertion"] = changed.IDTokenRoleAssertion
|
|
}
|
|
if c.IDTokenUserinfoAssertion != changed.IDTokenUserinfoAssertion {
|
|
changes["idTokenUserinfoAssertion"] = changed.IDTokenUserinfoAssertion
|
|
}
|
|
if c.ClockSkew != changed.ClockSkew {
|
|
changes["clockSkew"] = changed.ClockSkew
|
|
}
|
|
return changes
|
|
}
|
|
|
|
func OIDCConfigFromModel(config *model.OIDCConfig) *OIDCConfig {
|
|
responseTypes := make([]int32, len(config.ResponseTypes))
|
|
for i, rt := range config.ResponseTypes {
|
|
responseTypes[i] = int32(rt)
|
|
}
|
|
grantTypes := make([]int32, len(config.GrantTypes))
|
|
for i, rt := range config.GrantTypes {
|
|
grantTypes[i] = int32(rt)
|
|
}
|
|
return &OIDCConfig{
|
|
ObjectRoot: config.ObjectRoot,
|
|
AppID: config.AppID,
|
|
Version: int32(config.OIDCVersion),
|
|
ClientID: config.ClientID,
|
|
ClientSecret: config.ClientSecret,
|
|
RedirectUris: config.RedirectUris,
|
|
ResponseTypes: responseTypes,
|
|
GrantTypes: grantTypes,
|
|
ApplicationType: int32(config.ApplicationType),
|
|
AuthMethodType: int32(config.AuthMethodType),
|
|
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
|
|
DevMode: config.DevMode,
|
|
AccessTokenType: int32(config.AccessTokenType),
|
|
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
|
|
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
|
|
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
|
|
ClockSkew: config.ClockSkew,
|
|
}
|
|
}
|
|
|
|
func OIDCConfigToModel(config *OIDCConfig) *model.OIDCConfig {
|
|
responseTypes := make([]model.OIDCResponseType, len(config.ResponseTypes))
|
|
for i, rt := range config.ResponseTypes {
|
|
responseTypes[i] = model.OIDCResponseType(rt)
|
|
}
|
|
grantTypes := make([]model.OIDCGrantType, len(config.GrantTypes))
|
|
for i, rt := range config.GrantTypes {
|
|
grantTypes[i] = model.OIDCGrantType(rt)
|
|
}
|
|
oidcConfig := &model.OIDCConfig{
|
|
ObjectRoot: config.ObjectRoot,
|
|
AppID: config.AppID,
|
|
OIDCVersion: model.OIDCVersion(config.Version),
|
|
ClientID: config.ClientID,
|
|
ClientSecret: config.ClientSecret,
|
|
RedirectUris: config.RedirectUris,
|
|
ResponseTypes: responseTypes,
|
|
GrantTypes: grantTypes,
|
|
ApplicationType: model.OIDCApplicationType(config.ApplicationType),
|
|
AuthMethodType: model.OIDCAuthMethodType(config.AuthMethodType),
|
|
PostLogoutRedirectUris: config.PostLogoutRedirectUris,
|
|
DevMode: config.DevMode,
|
|
AccessTokenType: model.OIDCTokenType(config.AccessTokenType),
|
|
AccessTokenRoleAssertion: config.AccessTokenRoleAssertion,
|
|
IDTokenRoleAssertion: config.IDTokenRoleAssertion,
|
|
IDTokenUserinfoAssertion: config.IDTokenUserinfoAssertion,
|
|
ClockSkew: config.ClockSkew,
|
|
}
|
|
oidcConfig.FillCompliance()
|
|
return oidcConfig
|
|
}
|
|
|
|
func (p *Project) appendAddOIDCConfigEvent(event *es_models.Event) error {
|
|
config := new(OIDCConfig)
|
|
err := config.setData(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
config.ObjectRoot.CreationDate = event.CreationDate
|
|
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
|
|
p.Applications[i].Type = int32(model.AppTypeOIDC)
|
|
p.Applications[i].OIDCConfig = config
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (p *Project) appendChangeOIDCConfigEvent(event *es_models.Event) error {
|
|
config := new(OIDCConfig)
|
|
err := config.setData(event)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if i, a := GetApplication(p.Applications, config.AppID); a != nil {
|
|
p.Applications[i].OIDCConfig.setData(event)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (o *OIDCConfig) setData(event *es_models.Event) error {
|
|
o.ObjectRoot.AppendEvent(event)
|
|
if err := json.Unmarshal(event.Data, o); err != nil {
|
|
logging.Log("EVEN-d8e3s").WithError(err).Error("could not unmarshal event data")
|
|
return err
|
|
}
|
|
return nil
|
|
}
|