feat: support generic OAuth IDPs

docs/data-sources/idp_oauth.md

@@ -0,0 +1,40 @@
+---
+page_title: "zitadel_idp_oauth Data Source - terraform-provider-zitadel"
+subcategory: ""
+description: |-
+  Datasource representing a generic OAuth2 IDP on the instance.
+---
+
+# zitadel_idp_oauth (Data Source)
+
+Datasource representing a generic OAuth2 IDP on the instance.
+
+## Example Usage
+
+```terraform
+data "zitadel_idp_oauth" "default" {
+  id = "123456789012345678"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of this resource.
+
+### Read-Only
+
+- `authorization_endpoint` (String) The authorization endpoint
+- `client_id` (String) client id generated by the identity provider
+- `client_secret` (String, Sensitive) client secret generated by the identity provider
+- `id_attribute` (String) The id attribute
+- `is_auto_creation` (Boolean) enabled if a new account in ZITADEL are created automatically on login with an external account
+- `is_auto_update` (Boolean) enabled if a the ZITADEL account fields are updated automatically on each login
+- `is_creation_allowed` (Boolean) enabled if users are able to create a new account in ZITADEL when using an external account
+- `is_linking_allowed` (Boolean) enabled if users are able to link an existing ZITADEL user with an external account
+- `name` (String) Name of the IDP
+- `scopes` (Set of String) the scopes requested by ZITADEL during the request on the identity provider
+- `token_endpoint` (String) The token endpoint
+- `user_endpoint` (String) The user endpoint

docs/data-sources/org_idp_oauth.md

@@ -0,0 +1,45 @@
+---
+page_title: "zitadel_org_idp_oauth Data Source - terraform-provider-zitadel"
+subcategory: ""
+description: |-
+  Datasource representing a generic OAuth2 IDP of the organization.
+---
+
+# zitadel_org_idp_oauth (Data Source)
+
+Datasource representing a generic OAuth2 IDP of the organization.
+
+## Example Usage
+
+```terraform
+data "zitadel_org_idp_oauth" "default" {
+  org_id = data.zitadel_org.default.id
+  id     = "123456789012345678"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The ID of this resource.
+
+### Optional
+
+- `org_id` (String) ID of the organization
+
+### Read-Only
+
+- `authorization_endpoint` (String) The authorization endpoint
+- `client_id` (String) client id generated by the identity provider
+- `client_secret` (String, Sensitive) client secret generated by the identity provider
+- `id_attribute` (String) The id attribute
+- `is_auto_creation` (Boolean) enabled if a new account in ZITADEL are created automatically on login with an external account
+- `is_auto_update` (Boolean) enabled if a the ZITADEL account fields are updated automatically on each login
+- `is_creation_allowed` (Boolean) enabled if users are able to create a new account in ZITADEL when using an external account
+- `is_linking_allowed` (Boolean) enabled if users are able to link an existing ZITADEL user with an external account
+- `name` (String) Name of the IDP
+- `scopes` (Set of String) the scopes requested by ZITADEL during the request on the identity provider
+- `token_endpoint` (String) The token endpoint
+- `user_endpoint` (String) The user endpoint

docs/resources/idp_oauth.md

@@ -0,0 +1,61 @@
+---
+page_title: "zitadel_idp_oauth Resource - terraform-provider-zitadel"
+subcategory: ""
+description: |-
+  Resource representing a generic OAuth2 IDP on the instance.
+---
+
+# zitadel_idp_oauth (Resource)
+
+Resource representing a generic OAuth2 IDP on the instance.
+
+## Example Usage
+
+```terraform
+resource "zitadel_idp_oauth" "default" {
+  name                   = "GitLab"
+  client_id              = "15765e..."
+  client_secret          = "*****abcxyz"
+  authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
+  token_endpoint         = "https://oauth2.googleapis.com/token"
+  user_endpoint          = "https://openidconnect.googleapis.com/v1/userinfo"
+  id_attribute           = "user_id"
+  scopes                 = ["openid", "profile", "email"]
+  is_linking_allowed     = false
+  is_creation_allowed    = true
+  is_auto_creation       = false
+  is_auto_update         = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_endpoint` (String) The authorization endpoint
+- `client_id` (String) client id generated by the identity provider
+- `client_secret` (String, Sensitive) client secret generated by the identity provider
+- `id_attribute` (String) The id attribute
+- `is_auto_creation` (Boolean) enable if a new account in ZITADEL should be created automatically on login with an external account
+- `is_auto_update` (Boolean) enable if a the ZITADEL account fields should be updated automatically on each login
+- `is_creation_allowed` (Boolean) enable if users should be able to create a new account in ZITADEL when using an external account
+- `is_linking_allowed` (Boolean) enable if users should be able to link an existing ZITADEL user with an external account
+- `token_endpoint` (String) The token endpoint
+- `user_endpoint` (String) The user endpoint
+
+### Optional
+
+- `name` (String) Name of the IDP
+- `scopes` (Set of String) the scopes requested by ZITADEL during the request on the identity provider
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+```bash
+# The resource can be imported using the ID format `<id[:client_secret]>`, e.g.
+terraform import zitadel_idp_oauth.imported '123456789012345678:1234567890abcdef'
+```

docs/resources/org_idp_oauth.md

@@ -0,0 +1,63 @@
+---
+page_title: "zitadel_org_idp_oauth Resource - terraform-provider-zitadel"
+subcategory: ""
+description: |-
+  Resource representing a generic OAuth2 IDP on the organization.
+---
+
+# zitadel_org_idp_oauth (Resource)
+
+Resource representing a generic OAuth2 IDP on the organization.
+
+## Example Usage
+
+```terraform
+resource "zitadel_org_idp_oauth" "default" {
+  org_id                 = data.zitadel_org.default.id
+  name                   = "GitLab"
+  client_id              = "15765e..."
+  client_secret          = "*****abcxyz"
+  authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
+  token_endpoint         = "https://oauth2.googleapis.com/token"
+  user_endpoint          = "https://openidconnect.googleapis.com/v1/userinfo"
+  id_attribute           = "user_id"
+  scopes                 = ["openid", "profile", "email"]
+  is_linking_allowed     = false
+  is_creation_allowed    = true
+  is_auto_creation       = false
+  is_auto_update         = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `authorization_endpoint` (String) The authorization endpoint
+- `client_id` (String) client id generated by the identity provider
+- `client_secret` (String, Sensitive) client secret generated by the identity provider
+- `id_attribute` (String) The id attribute
+- `is_auto_creation` (Boolean) enable if a new account in ZITADEL should be created automatically on login with an external account
+- `is_auto_update` (Boolean) enable if a the ZITADEL account fields should be updated automatically on each login
+- `is_creation_allowed` (Boolean) enable if users should be able to create a new account in ZITADEL when using an external account
+- `is_linking_allowed` (Boolean) enable if users should be able to link an existing ZITADEL user with an external account
+- `token_endpoint` (String) The token endpoint
+- `user_endpoint` (String) The user endpoint
+
+### Optional
+
+- `name` (String) Name of the IDP
+- `org_id` (String) ID of the organization
+- `scopes` (Set of String) the scopes requested by ZITADEL during the request on the identity provider
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+```bash
+# The resource can be imported using the ID format `<id[:org_id][:client_secret]>`, e.g.
+terraform import zitadel_org_idp_oauth.imported '123456789012345678:123456789012345678:1234567890abcdef'
+```

examples/provider/data-sources/idp_oauth.tf

@@ -0,0 +1,3 @@
+data "zitadel_idp_oauth" "default" {
+  id = "123456789012345678"
+}

examples/provider/data-sources/org_idp_oauth.tf

@@ -0,0 +1,4 @@
+data "zitadel_org_idp_oauth" "default" {
+  org_id = data.zitadel_org.default.id
+  id     = "123456789012345678"
+}

examples/provider/resources/idp_oauth-import.sh

@@ -0,0 +1,2 @@
+# The resource can be imported using the ID format `<id[:client_secret]>`, e.g.
+terraform import zitadel_idp_oauth.imported '123456789012345678:1234567890abcdef'

examples/provider/resources/idp_oauth.tf

@@ -0,0 +1,14 @@
+resource "zitadel_idp_oauth" "default" {
+  name                   = "GitLab"
+  client_id              = "15765e..."
+  client_secret          = "*****abcxyz"
+  authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
+  token_endpoint         = "https://oauth2.googleapis.com/token"
+  user_endpoint          = "https://openidconnect.googleapis.com/v1/userinfo"
+  id_attribute           = "user_id"
+  scopes                 = ["openid", "profile", "email"]
+  is_linking_allowed     = false
+  is_creation_allowed    = true
+  is_auto_creation       = false
+  is_auto_update         = true
+}

examples/provider/resources/org_idp_oauth-import.sh

@@ -0,0 +1,2 @@
+# The resource can be imported using the ID format `<id[:org_id][:client_secret]>`, e.g.
+terraform import zitadel_org_idp_oauth.imported '123456789012345678:123456789012345678:1234567890abcdef'

examples/provider/resources/org_idp_oauth.tf

@@ -0,0 +1,15 @@
+resource "zitadel_org_idp_oauth" "default" {
+  org_id                 = data.zitadel_org.default.id
+  name                   = "GitLab"
+  client_id              = "15765e..."
+  client_secret          = "*****abcxyz"
+  authorization_endpoint = "https://accounts.google.com/o/oauth2/v2/auth"
+  token_endpoint         = "https://oauth2.googleapis.com/token"
+  user_endpoint          = "https://openidconnect.googleapis.com/v1/userinfo"
+  id_attribute           = "user_id"
+  scopes                 = ["openid", "profile", "email"]
+  is_linking_allowed     = false
+  is_creation_allowed    = true
+  is_auto_creation       = false
+  is_auto_update         = true
+}

templates/data-sources/idp_oauth.md.tmpl

@@ -0,0 +1,16 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Example Usage
+
+{{ tffile "examples/provider/data-sources/idp_oauth.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}

templates/data-sources/org_idp_oauth.md.tmpl

@@ -0,0 +1,16 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Example Usage
+
+{{ tffile "examples/provider/data-sources/org_idp_oauth.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}

templates/resources/idp_oauth.md.tmpl

@@ -0,0 +1,20 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Example Usage
+
+{{ tffile "examples/provider/resources/idp_oauth.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+## Import
+
+{{ codefile "bash" "examples/provider/resources/idp_oauth-import.sh" }}

templates/resources/org_idp_oauth.md.tmpl

@@ -0,0 +1,20 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Example Usage
+
+{{ tffile "examples/provider/resources/org_idp_oauth.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+## Import
+
+{{ codefile "bash" "examples/provider/resources/org_idp_oauth-import.sh" }}

zitadel/idp_oauth/datasource.go

@@ -0,0 +1,29 @@
+package idp_oauth
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/zitadel/terraform-provider-zitadel/zitadel/idp_utils"
+)
+
+func GetDatasource() *schema.Resource {
+	return &schema.Resource{
+		Description: "Datasource representing a generic OAuth2 IDP on the instance.",
+		Schema: map[string]*schema.Schema{
+			idp_utils.IdpIDVar:             idp_utils.IdPIDDataSourceField,
+			idp_utils.NameVar:              idp_utils.NameDataSourceField,
+			idp_utils.ClientIDVar:          idp_utils.ClientIDDataSourceField,
+			idp_utils.ClientSecretVar:      idp_utils.ClientSecretDataSourceField,
+			AuthorizationEndpointVar:       AuthorizationEndpointDatasourceField,
+			TokenEndpointVar:               TokenEndpointDatasourceField,
+			UserEndpointVar:                UserEndpointDatasourceField,
+			IdAttributeVar:                 IdAttributeDatasourceField,
+			idp_utils.ScopesVar:            idp_utils.ScopesDataSourceField,
+			idp_utils.IsLinkingAllowedVar:  idp_utils.IsLinkingAllowedDataSourceField,
+			idp_utils.IsCreationAllowedVar: idp_utils.IsCreationAllowedDataSourceField,
+			idp_utils.IsAutoCreationVar:    idp_utils.IsAutoCreationDataSourceField,
+			idp_utils.IsAutoUpdateVar:      idp_utils.IsAutoUpdateDataSourceField,
+		},
+		ReadContext: read,
+	}
+}