add zitadel tests

Author: WilsonLe

.github/workflows/test-google-oauth.yml

@@ -0,0 +1,54 @@
+name: Test Google OAuth
+
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  test-google-oauth:
+    runs-on: ubuntu-latest
+    env:
+      ##########################################################################
+      # App Config
+      ##########################################################################
+      NEXT_PUBLIC_URL: "http://localhost:3000"
+      DATABASE_URI: "file:./payload-oauth2.db"
+      PAYLOAD_SECRET: "hellohereisasecretforyou"
+
+      ##########################################################################
+      # Google OAuth Config
+      ##########################################################################
+      GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
+      GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
+
+      ##########################################################################
+      # Test Config
+      ##########################################################################
+      # Optional: Set to "true" to run test browser in headless mode
+      HEADLESS: true
+
+      ##########################################################################
+      # Google Test Account
+      ##########################################################################
+      # Required: Google Test Account Email
+      GOOGLE_TEST_EMAIL: ${{ secrets.GOOGLE_TEST_EMAIL }}
+
+      # Required: Google Test Account Password
+      GOOGLE_TEST_PASSWORD: ${{ secrets.GOOGLE_TEST_PASSWORD }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v2
+        with:
+          version: 9
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: "pnpm"
+      - run: |
+          pnpx puppeteer browsers install chrome
+      - run: pnpm install
+      - run: pnpm test:google

.github/workflows/test-oauth.yml .github/workflows/test-zitadel-oauth.yml.github/workflows/test-oauth.yml renamed to .github/workflows/test-zitadel-oauth.yml

@@ -1,4 +1,4 @@
-name: Test OAuth
+name: Test Zitadel OAuth
 
 on:
   pull_request:

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Payload
+Copyright (c) 2024 Wilson Le
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -21,9 +21,10 @@
 
 Technically this plugin should work with all generic OAuth2 providers. Here are the list of providers that have been tested:
 
-| Provider | Status                                                                                                                                                                                                   | Example                        |
-| -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
-| Google   | [![Test Google OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml) | [Config](./examples/google.md) |
+| Provider | Status                                                                                                                                                                                                      | Example                        |
+| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
+| Google   | [![Test Google OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-google-oauth.yml)    | [Config](./examples/google.md) |
+| Zitadel  | [![Test Zitadel OAuth](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml/badge.svg)](https://github.com/WilsonLe/payload-oauth2/actions/workflows/test-zitadel-oauth.yml) | [Config](./examples/google.md) |
 
 # Installation
 

examples/zitadel.md

@@ -0,0 +1,62 @@
+# Google OAuth2
+
+```ts
+export default buildConfig({
+  // ...
+  admin: {
+    importMap: { baseDir: path.resolve(dirname) },
+    components: {
+      // A simple button with <a> tag that links to your authorization path
+      // which defaults to /api/users/oauth/authorize
+      afterLogin: ["app/components/OAuthLoginButton#OAuthLoginButton"],
+    },
+    user: "users", // assuming you already have a users collection with auth enabled
+  },
+  // ...
+  plugins: [
+    OAuth2Plugin({
+      enabled:
+        typeof process.env.ZITADEL_CLIENT_ID === "string" &&
+        typeof process.env.ZITADEL_CLIENT_SECRET === "string" &&
+        typeof process.env.ZITADEL_TOKEN_ENDPOINT === "string" &&
+        typeof process.env.ZITADEL_AUTHORIZATION_URL === "string" &&
+        typeof process.env.ZITADEL_USERINFO_ENDPOINT === "string",
+      strategyName: "zitadel",
+      useEmailAsIdentity: true,
+      serverURL: process.env.NEXT_PUBLIC_URL || "http://localhost:3000",
+      clientId: process.env.ZITADEL_CLIENT_ID || "",
+      clientSecret: process.env.ZITADEL_CLIENT_SECRET || "",
+      authorizePath: "/oauth/zitadel",
+      callbackPath: "/oauth/zitadel/callback",
+      authCollection: "users",
+      tokenEndpoint: process.env.ZITADEL_TOKEN_ENDPOINT || "",
+      scopes: [
+        "openid",
+        "profile",
+        "email",
+        "offline_access",
+        "urn:zitadel:iam:user:metadata",
+      ],
+      providerAuthorizationUrl: process.env.ZITADEL_AUTHORIZATION_URL || "",
+      getUserInfo: async (accessToken: string) => {
+        const response = await fetch(
+          process.env.ZITADEL_USERINFO_ENDPOINT || "",
+          {
+            headers: { Authorization: `Bearer ${accessToken}` },
+          },
+        );
+        const user = await response.json();
+        return { email: user.email, sub: user.sub };
+      },
+      successRedirect: (req) => {
+        return "/admin";
+      },
+      failureRedirect: (req, err) => {
+        req.payload.logger.error(err);
+        return "/admin/login";
+      },
+    }),
+  ],
+  // ...
+});
+```