WIP: Make zitadel IDP work

famedly · Nov 14, 2024 · f6a4c26 · f6a4c26
1 parent 5c444ae
commit f6a4c26
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/src/user.rs b/src/user.rs
@@ -79,6 +79,25 @@ impl User {
 	pub fn get_famedly_uuid(&self) -> Result<String> {
 		Ok(Uuid::new_v5(&FAMEDLY_NAMESPACE, self.get_external_id_bytes()?.as_slice()).to_string())
 	}
+
+	/// Get a base64-encoded external user ID, if the ID is raw bytes,
+	/// or a UTF-8 string if not.
+	///
+	/// Note: This encoding scheme is inherently broken, because it is
+	/// impossible to tell apart base64 encoded strings from
+	/// non-base64 encoded strings. We can therefore never know if the
+	/// ID should be decoded or not when re-parsing it, and it may
+	/// create collisions (although this is unlikely).
+	///
+	/// Only use this for Zitadel support.
+	pub fn get_string_id(&self) -> Result<String> {
+		let id = self.get_external_id_bytes()?;
+		Ok(if let Ok(encoded_id) = String::from_utf8(id.clone()) {
+			encoded_id
+		} else {
+			BASE64_STANDARD.encode(id)
+		})
+	}
 }
 
 impl PartialEq for User {

diff --git a/src/zitadel.rs b/src/zitadel.rs
@@ -162,7 +162,7 @@ impl Zitadel {
 
 		if self.feature_flags.is_enabled(FeatureFlag::SsoLogin) {
 			user.set_idp_links(vec![IdpLink::new()
-				.with_user_id(imported_user.external_user_id.clone())
+				.with_user_id(imported_user.get_string_id().context("Failed to set IDP user ID")?)
 				.with_idp_id(self.zitadel_config.idp_id.clone())
 				// TODO: Figure out if this is the correct value; empty is not permitted
 				.with_user_name(imported_user.email.clone())]);