From 1968d4d49428acae64a567105170989bab2e6961 Mon Sep 17 00:00:00 2001
From: Hauke Schnau <hauke@schnau-lilienthal.de>
Date: Wed, 18 Jun 2025 14:35:54 +0200
Subject: [PATCH] feat(auth): add Zitadel OAuth Provider (#5490)

---
 app/Providers/EventServiceProvider.php            |  2 ++
 bootstrap/helpers/socialite.php                   | 11 +++++++++++
 composer.json                                     |  1 +
 config/services.php                               |  7 +++++++
 database/seeders/OauthSettingSeeder.php           |  1 +
 lang/de.json                                      |  1 +
 lang/en.json                                      |  1 +
 resources/views/livewire/settings-oauth.blade.php |  2 +-
 8 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/app/Providers/EventServiceProvider.php b/app/Providers/EventServiceProvider.php
index 48c3c3e4f..2d9910add 100644
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
@@ -14,6 +14,7 @@ use SocialiteProviders\Discord\DiscordExtendSocialite;
 use SocialiteProviders\Google\GoogleExtendSocialite;
 use SocialiteProviders\Infomaniak\InfomaniakExtendSocialite;
 use SocialiteProviders\Manager\SocialiteWasCalled;
+use SocialiteProviders\Zitadel\ZitadelExtendSocialite;
 
 class EventServiceProvider extends ServiceProvider
 {
@@ -31,6 +32,7 @@ class EventServiceProvider extends ServiceProvider
             DiscordExtendSocialite::class.'@handle',
             GoogleExtendSocialite::class.'@handle',
             InfomaniakExtendSocialite::class.'@handle',
+            ZitadelExtendSocialite::class.'@handle',
         ],
     ];
 
diff --git a/bootstrap/helpers/socialite.php b/bootstrap/helpers/socialite.php
index 3ae70c9d6..961f6809b 100644
--- a/bootstrap/helpers/socialite.php
+++ b/bootstrap/helpers/socialite.php
@@ -33,6 +33,17 @@ function get_socialite_provider(string $provider)
         return Socialite::driver($provider)->setConfig($authentik_clerk_config);
     }
 
+    if ($provider == 'zitadel') {
+        $zitadel_config = new \SocialiteProviders\Manager\Config(
+            $oauth_setting->client_id,
+            $oauth_setting->client_secret,
+            $oauth_setting->redirect_uri,
+            ['base_url' => $oauth_setting->base_url],
+        );
+
+        return Socialite::driver('zitadel')->setConfig($zitadel_config);
+    }
+
     if ($provider == 'google') {
         $google_config = new \SocialiteProviders\Manager\Config(
             $oauth_setting->client_id,
diff --git a/composer.json b/composer.json
index bfe2b98b4..e3d2ae780 100644
--- a/composer.json
+++ b/composer.json
@@ -44,6 +44,7 @@
         "socialiteproviders/google": "^4.1",
         "socialiteproviders/infomaniak": "^4.0",
         "socialiteproviders/microsoft-azure": "^5.2",
+        "socialiteproviders/zitadel": "^4.1",
         "spatie/laravel-activitylog": "^4.10.1",
         "spatie/laravel-data": "^4.13.1",
         "spatie/laravel-ray": "^1.39.1",
diff --git a/config/services.php b/config/services.php
index cb1929bec..7add50a5c 100644
--- a/config/services.php
+++ b/config/services.php
@@ -60,4 +60,11 @@ return [
         'tenant' => env('GOOGLE_TENANT'),
     ],
 
+    'zitadel' => [
+        'client_id' => env('ZITADEL_CLIENT_ID'),
+        'client_secret' => env('ZITADEL_CLIENT_SECRET'),
+        'redirect' => env('ZITADEL_REDIRECT_URI'),
+        'base_url' => env('ZITADEL_BASE_URL'),
+    ]
+
 ];
diff --git a/database/seeders/OauthSettingSeeder.php b/database/seeders/OauthSettingSeeder.php
index 06b37ca44..2e5e6fcc4 100644
--- a/database/seeders/OauthSettingSeeder.php
+++ b/database/seeders/OauthSettingSeeder.php
@@ -24,6 +24,7 @@ class OauthSettingSeeder extends Seeder
                 'google',
                 'authentik',
                 'infomaniak',
+                'zitadel',
             ]);
 
             $isOauthSeeded = OauthSetting::count() > 0;
diff --git a/lang/de.json b/lang/de.json
index 9bb11fdb4..f56b21710 100644
--- a/lang/de.json
+++ b/lang/de.json
@@ -8,6 +8,7 @@
     "auth.login.gitlab": "Mit GitLab anmelden",
     "auth.login.google": "Mit Google anmelden",
     "auth.login.infomaniak": "Mit Infomaniak anmelden",
+    "auth.login.zitadel": "Mit Zitadel anmelden",
     "auth.already_registered": "Bereits registriert?",
     "auth.confirm_password": "Passwort bestätigen",
     "auth.forgot_password": "Passwort vergessen",
diff --git a/lang/en.json b/lang/en.json
index ae7c4a2c2..4a398a9f9 100644
--- a/lang/en.json
+++ b/lang/en.json
@@ -9,6 +9,7 @@
     "auth.login.gitlab": "Login with Gitlab",
     "auth.login.google": "Login with Google",
     "auth.login.infomaniak": "Login with Infomaniak",
+    "auth.login.zitadel": "Login with Zitadel",
     "auth.already_registered": "Already registered?",
     "auth.confirm_password": "Confirm password",
     "auth.forgot_password": "Forgot password",
diff --git a/resources/views/livewire/settings-oauth.blade.php b/resources/views/livewire/settings-oauth.blade.php
index f559f57ac..8ffad258f 100644
--- a/resources/views/livewire/settings-oauth.blade.php
+++ b/resources/views/livewire/settings-oauth.blade.php
@@ -37,7 +37,7 @@
                                 helper="Optional parameter that supplies a hosted domain (HD) to Google, which<br>triggers a login hint to be displayed on the OAuth screen with this domain.<br><br><a class='underline dark:text-warning text-coollabs' href='https://developers.google.com/identity/openid-connect/openid-connect#hd-param' target='_blank'>Google Documentation</a>"
                                 label="Tenant" />
                         @endif
-                        @if ($oauth_setting->provider == 'authentik' || $oauth_setting->provider == 'clerk')
+            @if ($oauth_setting->provider == 'authentik' || $oauth_setting->provider == 'clerk' || $oauth_setting->provider == 'zitadel')
                             <x-forms.input id="oauth_settings_map.{{ $oauth_setting->provider }}.base_url"
                                 label="Base URL" />
                         @endif