fix: apply strategy filters in identifier first as well (#4352)

Author: aeneasr

.schema/openapi/patches/selfservice.yaml

@@ -16,6 +16,7 @@
   value:
     - "$ref": "#/components/schemas/updateRegistrationFlowWithPasswordMethod"
     - "$ref": "#/components/schemas/updateRegistrationFlowWithOidcMethod"
+    - "$ref": "#/components/schemas/updateRegistrationFlowWithSamlMethod"
     - "$ref": "#/components/schemas/updateRegistrationFlowWithWebAuthnMethod"
     - "$ref": "#/components/schemas/updateRegistrationFlowWithCodeMethod"
     - "$ref": "#/components/schemas/updateRegistrationFlowWithPasskeyMethod"
@@ -27,7 +28,7 @@
     mapping:
       password: "#/components/schemas/updateRegistrationFlowWithPasswordMethod"
       oidc: "#/components/schemas/updateRegistrationFlowWithOidcMethod"
-      saml: "#/components/schemas/updateRegistrationFlowWithOidcMethod"
+      saml: "#/components/schemas/updateRegistrationFlowWithSamlMethod"
       webauthn: "#/components/schemas/updateRegistrationFlowWithWebAuthnMethod"
       code: "#/components/schemas/updateRegistrationFlowWithCodeMethod"
       passkey: "#/components/schemas/updateRegistrationFlowWithPasskeyMethod"
@@ -52,6 +53,7 @@
   value:
     - "$ref": "#/components/schemas/updateLoginFlowWithPasswordMethod"
     - "$ref": "#/components/schemas/updateLoginFlowWithOidcMethod"
+    - "$ref": "#/components/schemas/updateLoginFlowWithSamlMethod"
     - "$ref": "#/components/schemas/updateLoginFlowWithTotpMethod"
     - "$ref": "#/components/schemas/updateLoginFlowWithWebAuthnMethod"
     - "$ref": "#/components/schemas/updateLoginFlowWithLookupSecretMethod"
@@ -65,7 +67,7 @@
     mapping:
       password: "#/components/schemas/updateLoginFlowWithPasswordMethod"
       oidc: "#/components/schemas/updateLoginFlowWithOidcMethod"
-      saml: "#/components/schemas/updateLoginFlowWithOidcMethod"
+      saml: "#/components/schemas/updateLoginFlowWithSamlMethod"
       totp: "#/components/schemas/updateLoginFlowWithTotpMethod"
       webauthn: "#/components/schemas/updateLoginFlowWithWebAuthnMethod"
       lookup_secret: "#/components/schemas/updateLoginFlowWithLookupSecretMethod"
@@ -147,6 +149,7 @@
     - "$ref": "#/components/schemas/updateSettingsFlowWithPasswordMethod"
     - "$ref": "#/components/schemas/updateSettingsFlowWithProfileMethod"
     - "$ref": "#/components/schemas/updateSettingsFlowWithOidcMethod"
+    - "$ref": "#/components/schemas/updateSettingsFlowWithSamlMethod"
     - "$ref": "#/components/schemas/updateSettingsFlowWithTotpMethod"
     - "$ref": "#/components/schemas/updateSettingsFlowWithWebAuthnMethod"
     - "$ref": "#/components/schemas/updateSettingsFlowWithLookupMethod"
@@ -159,7 +162,7 @@
       password: "#/components/schemas/updateSettingsFlowWithPasswordMethod"
       profile: "#/components/schemas/updateSettingsFlowWithProfileMethod"
       oidc: "#/components/schemas/updateSettingsFlowWithOidcMethod"
-      saml: "#/components/schemas/updateSettingsFlowWithOidcMethod"
+      saml: "#/components/schemas/updateSettingsFlowWithSamlMethod"
       totp: "#/components/schemas/updateSettingsFlowWithTotpMethod"
       webauthn: "#/components/schemas/updateSettingsFlowWithWebAuthnMethod"
       passkey: "#/components/schemas/updateSettingsFlowWithPasskeyMethod"

driver/config/testhelpers/config.go

@@ -18,13 +18,18 @@ import (
 type (
 	TestConfigProvider struct {
 		contextx.Contextualizer
-		Options []configx.OptionModifier
+		Options      []configx.OptionModifier
+		ConfigSchema []byte
 	}
 	contextKey int
 )
 
 func (t *TestConfigProvider) NewProvider(ctx context.Context, opts ...configx.OptionModifier) (*configx.Provider, error) {
-	return configx.New(ctx, []byte(embedx.ConfigSchema), append(t.Options, opts...)...)
+	schema := []byte(embedx.ConfigSchema)
+	if len(t.ConfigSchema) > 0 {
+		schema = t.ConfigSchema
+	}
+	return configx.New(ctx, schema, append(t.Options, opts...)...)
 }
 
 func (t *TestConfigProvider) Config(ctx context.Context, config *configx.Provider) *configx.Provider {

identity/credentials_oidc.go

@@ -63,6 +63,11 @@ func (c *CredentialsOIDCEncryptedTokens) GetIDToken() string {
 
 // NewCredentialsOIDC creates a new OIDC credential.
 func NewCredentialsOIDC(tokens *CredentialsOIDCEncryptedTokens, provider, subject, organization string) (*Credentials, error) {
+	return NewOIDCLikeCredentials(tokens, CredentialsTypeOIDC, provider, subject, organization)
+}
+
+// NewOIDCLikeCredentials creates a new OIDC-like credential.
+func NewOIDCLikeCredentials(tokens *CredentialsOIDCEncryptedTokens, t CredentialsType, provider, subject, organization string) (*Credentials, error) {
 	if provider == "" {
 		return nil, errors.New("received empty provider in oidc credentials")
 	}
@@ -89,7 +94,7 @@ func NewCredentialsOIDC(tokens *CredentialsOIDCEncryptedTokens, provider, subjec
 	}
 
 	return &Credentials{
-		Type:        CredentialsTypeOIDC,
+		Type:        t,
 		Identifiers: []string{OIDCUniqueID(provider, subject)},
 		Config:      b.Bytes(),
 	}, nil

internal/client-go/.openapi-generator/FILES

@@ -113,6 +113,7 @@ docs/UpdateLoginFlowWithLookupSecretMethod.md
 docs/UpdateLoginFlowWithOidcMethod.md
 docs/UpdateLoginFlowWithPasskeyMethod.md
 docs/UpdateLoginFlowWithPasswordMethod.md
+docs/UpdateLoginFlowWithSamlMethod.md
 docs/UpdateLoginFlowWithTotpMethod.md
 docs/UpdateLoginFlowWithWebAuthnMethod.md
 docs/UpdateRecoveryFlowBody.md
@@ -124,13 +125,15 @@ docs/UpdateRegistrationFlowWithOidcMethod.md
 docs/UpdateRegistrationFlowWithPasskeyMethod.md
 docs/UpdateRegistrationFlowWithPasswordMethod.md
 docs/UpdateRegistrationFlowWithProfileMethod.md
+docs/UpdateRegistrationFlowWithSamlMethod.md
 docs/UpdateRegistrationFlowWithWebAuthnMethod.md
 docs/UpdateSettingsFlowBody.md
 docs/UpdateSettingsFlowWithLookupMethod.md
 docs/UpdateSettingsFlowWithOidcMethod.md
 docs/UpdateSettingsFlowWithPasskeyMethod.md
 docs/UpdateSettingsFlowWithPasswordMethod.md
 docs/UpdateSettingsFlowWithProfileMethod.md
+docs/UpdateSettingsFlowWithSamlMethod.md
 docs/UpdateSettingsFlowWithTotpMethod.md
 docs/UpdateSettingsFlowWithWebAuthnMethod.md
 docs/UpdateVerificationFlowBody.md
@@ -243,6 +246,7 @@ model_update_login_flow_with_lookup_secret_method.go
 model_update_login_flow_with_oidc_method.go
 model_update_login_flow_with_passkey_method.go
 model_update_login_flow_with_password_method.go
+model_update_login_flow_with_saml_method.go
 model_update_login_flow_with_totp_method.go
 model_update_login_flow_with_web_authn_method.go
 model_update_recovery_flow_body.go
@@ -254,13 +258,15 @@ model_update_registration_flow_with_oidc_method.go
 model_update_registration_flow_with_passkey_method.go
 model_update_registration_flow_with_password_method.go
 model_update_registration_flow_with_profile_method.go
+model_update_registration_flow_with_saml_method.go
 model_update_registration_flow_with_web_authn_method.go
 model_update_settings_flow_body.go
 model_update_settings_flow_with_lookup_method.go
 model_update_settings_flow_with_oidc_method.go
 model_update_settings_flow_with_passkey_method.go
 model_update_settings_flow_with_password_method.go
 model_update_settings_flow_with_profile_method.go
+model_update_settings_flow_with_saml_method.go
 model_update_settings_flow_with_totp_method.go
 model_update_settings_flow_with_web_authn_method.go
 model_update_verification_flow_body.go

internal/client-go/README.md

@@ -238,6 +238,7 @@ Class | Method | HTTP request | Description
  - [UpdateLoginFlowWithOidcMethod](docs/UpdateLoginFlowWithOidcMethod.md)
  - [UpdateLoginFlowWithPasskeyMethod](docs/UpdateLoginFlowWithPasskeyMethod.md)
  - [UpdateLoginFlowWithPasswordMethod](docs/UpdateLoginFlowWithPasswordMethod.md)
+ - [UpdateLoginFlowWithSamlMethod](docs/UpdateLoginFlowWithSamlMethod.md)
  - [UpdateLoginFlowWithTotpMethod](docs/UpdateLoginFlowWithTotpMethod.md)
  - [UpdateLoginFlowWithWebAuthnMethod](docs/UpdateLoginFlowWithWebAuthnMethod.md)
  - [UpdateRecoveryFlowBody](docs/UpdateRecoveryFlowBody.md)
@@ -249,13 +250,15 @@ Class | Method | HTTP request | Description
  - [UpdateRegistrationFlowWithPasskeyMethod](docs/UpdateRegistrationFlowWithPasskeyMethod.md)
  - [UpdateRegistrationFlowWithPasswordMethod](docs/UpdateRegistrationFlowWithPasswordMethod.md)
  - [UpdateRegistrationFlowWithProfileMethod](docs/UpdateRegistrationFlowWithProfileMethod.md)
+ - [UpdateRegistrationFlowWithSamlMethod](docs/UpdateRegistrationFlowWithSamlMethod.md)
  - [UpdateRegistrationFlowWithWebAuthnMethod](docs/UpdateRegistrationFlowWithWebAuthnMethod.md)
  - [UpdateSettingsFlowBody](docs/UpdateSettingsFlowBody.md)
  - [UpdateSettingsFlowWithLookupMethod](docs/UpdateSettingsFlowWithLookupMethod.md)
  - [UpdateSettingsFlowWithOidcMethod](docs/UpdateSettingsFlowWithOidcMethod.md)
  - [UpdateSettingsFlowWithPasskeyMethod](docs/UpdateSettingsFlowWithPasskeyMethod.md)
  - [UpdateSettingsFlowWithPasswordMethod](docs/UpdateSettingsFlowWithPasswordMethod.md)
  - [UpdateSettingsFlowWithProfileMethod](docs/UpdateSettingsFlowWithProfileMethod.md)
+ - [UpdateSettingsFlowWithSamlMethod](docs/UpdateSettingsFlowWithSamlMethod.md)
  - [UpdateSettingsFlowWithTotpMethod](docs/UpdateSettingsFlowWithTotpMethod.md)
  - [UpdateSettingsFlowWithWebAuthnMethod](docs/UpdateSettingsFlowWithWebAuthnMethod.md)
  - [UpdateVerificationFlowBody](docs/UpdateVerificationFlowBody.md)