Merge pull request #209 from zitadel/oidc-skip-native

fix: add skip native app success page boolean for oidc apps
zitadel · Dec 17, 2024 · bfe1a97 · bfe1a97
2 parents ed5345e + 026e827
commit bfe1a97
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 30 deletions.
diff --git a/docs/data-sources/application_oidc.md b/docs/data-sources/application_oidc.md
@@ -49,4 +49,5 @@ data "zitadel_application_oidc" "default" {
 - `post_logout_redirect_uris` (List of String) Post logout redirect URIs
 - `redirect_uris` (List of String) RedirectURIs
 - `response_types` (List of String) Response type
+- `skip_native_app_success_page` (Boolean) Skip the successful login page on native apps and directly redirect the user to the callback.
 - `version` (String) Version
diff --git a/docs/resources/application_oidc.md b/docs/resources/application_oidc.md
@@ -16,21 +16,22 @@ resource "zitadel_application_oidc" "default" {
   project_id = data.zitadel_project.default.id
   org_id     = data.zitadel_org.default.id
 
-  name                        = "applicationoidc"
-  redirect_uris               = ["https://localhost.com"]
-  response_types              = ["OIDC_RESPONSE_TYPE_CODE"]
-  grant_types                 = ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"]
-  post_logout_redirect_uris   = ["https://localhost.com"]
-  app_type                    = "OIDC_APP_TYPE_WEB"
-  auth_method_type            = "OIDC_AUTH_METHOD_TYPE_BASIC"
-  version                     = "OIDC_VERSION_1_0"
-  clock_skew                  = "0s"
-  dev_mode                    = true
-  access_token_type           = "OIDC_TOKEN_TYPE_BEARER"
-  access_token_role_assertion = false
-  id_token_role_assertion     = false
-  id_token_userinfo_assertion = false
-  additional_origins          = []
+  name                         = "applicationoidc"
+  redirect_uris                = ["https://localhost.com"]
+  response_types               = ["OIDC_RESPONSE_TYPE_CODE"]
+  grant_types                  = ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"]
+  post_logout_redirect_uris    = ["https://localhost.com"]
+  app_type                     = "OIDC_APP_TYPE_WEB"
+  auth_method_type             = "OIDC_AUTH_METHOD_TYPE_BASIC"
+  version                      = "OIDC_VERSION_1_0"
+  clock_skew                   = "0s"
+  dev_mode                     = true
+  access_token_type            = "OIDC_TOKEN_TYPE_BEARER"
+  access_token_role_assertion  = false
+  id_token_role_assertion      = false
+  id_token_userinfo_assertion  = false
+  additional_origins           = []
+  skip_native_app_success_page = false
 }
 ```
 
@@ -58,6 +59,7 @@ resource "zitadel_application_oidc" "default" {
 - `id_token_userinfo_assertion` (Boolean) Token userinfo assertion
 - `org_id` (String) ID of the organization
 - `post_logout_redirect_uris` (List of String) Post logout redirect URIs
+- `skip_native_app_success_page` (Boolean) Skip the successful login page on native apps and directly redirect the user to the callback.
 - `version` (String) Version, supported values: OIDC_VERSION_1_0
 
 ### Read-Only

diff --git a/examples/provider/resources/application_oidc.tf b/examples/provider/resources/application_oidc.tf
@@ -2,19 +2,20 @@ resource "zitadel_application_oidc" "default" {
   project_id = data.zitadel_project.default.id
   org_id     = data.zitadel_org.default.id
 
-  name                        = "applicationoidc"
-  redirect_uris               = ["https://localhost.com"]
-  response_types              = ["OIDC_RESPONSE_TYPE_CODE"]
-  grant_types                 = ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"]
-  post_logout_redirect_uris   = ["https://localhost.com"]
-  app_type                    = "OIDC_APP_TYPE_WEB"
-  auth_method_type            = "OIDC_AUTH_METHOD_TYPE_BASIC"
-  version                     = "OIDC_VERSION_1_0"
-  clock_skew                  = "0s"
-  dev_mode                    = true
-  access_token_type           = "OIDC_TOKEN_TYPE_BEARER"
-  access_token_role_assertion = false
-  id_token_role_assertion     = false
-  id_token_userinfo_assertion = false
-  additional_origins          = []
+  name                         = "applicationoidc"
+  redirect_uris                = ["https://localhost.com"]
+  response_types               = ["OIDC_RESPONSE_TYPE_CODE"]
+  grant_types                  = ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"]
+  post_logout_redirect_uris    = ["https://localhost.com"]
+  app_type                     = "OIDC_APP_TYPE_WEB"
+  auth_method_type             = "OIDC_AUTH_METHOD_TYPE_BASIC"
+  version                      = "OIDC_VERSION_1_0"
+  clock_skew                   = "0s"
+  dev_mode                     = true
+  access_token_type            = "OIDC_TOKEN_TYPE_BEARER"
+  access_token_role_assertion  = false
+  id_token_role_assertion      = false
+  id_token_userinfo_assertion  = false
+  additional_origins           = []
+  skip_native_app_success_page = false
 }
diff --git a/zitadel/application_oidc/const.go b/zitadel/application_oidc/const.go
@@ -22,4 +22,5 @@ const (
 	additionalOriginsVar        = "additional_origins"
 	ClientIDVar                 = "client_id"
 	ClientSecretVar             = "client_secret"
+	skipNativeAppSuccessPageVar = "skip_native_app_success_page"
 )
diff --git a/zitadel/application_oidc/datasource.go b/zitadel/application_oidc/datasource.go
@@ -120,6 +120,11 @@ func GetDatasource() *schema.Resource {
 				Description: "Client ID",
 				Sensitive:   true,
 			},
+			skipNativeAppSuccessPageVar: {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Skip the successful login page on native apps and directly redirect the user to the callback.",
+			},
 		},
 		ReadContext: read,
 	}

diff --git a/zitadel/application_oidc/funcs.go b/zitadel/application_oidc/funcs.go
@@ -78,6 +78,7 @@ func update(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Dia
 		idTokenUserinfoAssertionVar,
 		clockSkewVar,
 		additionalOriginsVar,
+		skipNativeAppSuccessPageVar,
 	) {
 		respTypes := make([]app.OIDCResponseType, 0)
 		for _, respType := range d.Get(responseTypesVar).([]interface{}) {
@@ -108,6 +109,7 @@ func update(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Dia
 			IdTokenUserinfoAssertion: d.Get(idTokenUserinfoAssertionVar).(bool),
 			AdditionalOrigins:        interfaceToStringSlice(d.Get(additionalOriginsVar)),
 			ClockSkew:                durationpb.New(dur),
+			SkipNativeAppSuccessPage: d.Get(skipNativeAppSuccessPageVar).(bool),
 		})
 		if err != nil {
 			return diag.Errorf("failed to update applicationOIDC: %v", err)
@@ -160,6 +162,7 @@ func create(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Dia
 		ClockSkew:                durationpb.New(dur),
 		AdditionalOrigins:        interfaceToStringSlice(d.Get(additionalOriginsVar)),
 		Version:                  app.OIDCVersion(app.OIDCVersion_value[d.Get(versionVar).(string)]),
+		SkipNativeAppSuccessPage: d.Get(skipNativeAppSuccessPageVar).(bool),
 	})
 
 	set := map[string]interface{}{
@@ -234,6 +237,7 @@ func read(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagn
 		clockSkewVar:                clockSkew,
 		additionalOriginsVar:        oidc.GetAdditionalOrigins(),
 		ClientIDVar:                 oidc.GetClientId(),
+		skipNativeAppSuccessPageVar: oidc.GetSkipNativeAppSuccessPage(),
 	}
 	for k, v := range set {
 		if err := d.Set(k, v); err != nil {

diff --git a/zitadel/application_oidc/resource.go b/zitadel/application_oidc/resource.go
@@ -145,6 +145,11 @@ func GetResource() *schema.Resource {
 				Description: "generated secret for this config",
 				Sensitive:   true,
 			},
+			skipNativeAppSuccessPageVar: {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Skip the successful login page on native apps and directly redirect the user to the callback.",
+			},
 		},
 		DeleteContext: delete,
 		CreateContext: create,