feat: add user agent field and updatedAt to session endpoint#534
Merged
mattdjenkinson merged 10 commits intomainfrom Apr 28, 2026
Merged
feat: add user agent field and updatedAt to session endpoint#534mattdjenkinson merged 10 commits intomainfrom
mattdjenkinson merged 10 commits intomainfrom
Conversation
Contributor
mattdjenkinson
requested review from
JoseSzycho,
kevwilliams,
scotwells and
zachsmith1
scotwells
reviewed
Mar 23, 2026
kevwilliams
previously approved these changes
Mar 23, 2026
mattdjenkinson
changed the title
Contributor
Author
|
@scotwells could you take a look at this again please? I've added an |
scotwells
previously approved these changes
Mar 25, 2026
Contributor
scotwells
left a comment
scotwells
left a comment
There was a problem hiding this comment.
Looks good. Let's test with Zitadel before we merge this in. Assume you confirmed all these fields are available from Zitadel?
Contributor
Author
|
@scotwells yeah, will push my branch for Zitadel and put on staging. |
mattdjenkinson
changed the title
Add Location, Browser, and OS string fields to identity SessionStatus so authentication providers can return enriched session data. The fields are populated by the auth-provider-zitadel apiserver, which calls an internal GraphQL gateway (parseUserAgent + geolocateIP) to resolve them from the raw IP and User-Agent before returning the session. All three are optional and remain empty when enrichment is unavailable or the source field is unknown.
…sion-data # Conflicts: # docs/api/identity.md
Contributor
|
@mattdjenkinson seems that when you executed |
The earlier task generate run on this branch produced 4-line stubs for docs/api/identity.md and docs/api/crm.md because the generate:docs script iterates config/crd/bases/* and the identity and crm groups have empty subdirectories there (their docs are hand-maintained). The same regression was seen and fixed previously in 90c6b57. Restore both files from main and update the SessionStatus table on identity.md to match the current types: drop expiresAt, add lastUpdatedAt and userAgent (introduced earlier on this branch), and add location, browser, and os populated by the GraphQL gateway enrichment path.
JoseSzycho
previously approved these changes
Apr 28, 2026
scotwells
reviewed
Apr 28, 2026
scotwells
previously approved these changes
Apr 28, 2026
The userinvitation controller's RBAC markers were missing patch on userinvitations and the userinvitations/finalizers subresource. The generated role.yaml on main had the rules anyway but they were drift from the markers; running task generate during the recent merge removed them, which would have broken patch operations and finalizer removal in the controller. Add the missing markers so controller-gen produces the same role.yaml that main was carrying, and the source of truth lives next to the controller logic that depends on it.
mattdjenkinson
dismissed stale reviews from scotwells and JoseSzycho
via
1de1096
scotwells
approved these changes
Apr 28, 2026
3 tasks
mattdjenkinson
added a commit
that referenced
this pull request
Apr 28, 2026
…ds (#585) ## Summary - Removes `location`, `browser`, and `os` from `SessionStatus` (added in #534). - Keeps `ip`, `fingerprintID`, `lastUpdatedAt`, and `userAgent` — those are the raw fields the auth provider actually populates. - Regenerates `zz_generated.openapi.go` via \`task generate:openapi:identity\`. - Hand-edits `docs/api/identity.md` to remove the three rows from the SessionStatus table (this file is hand-maintained because `config/crd/bases/identity/` is empty). ## Why The session-enrichment topology has been re-aligned: the GraphQL gateway now fetches sessions from this API and produces its own `ExtendedSession` type with geolocation and parsed user-agent attached. The `auth-provider-zitadel` apiserver only writes raw values, so these three derived-data fields on `SessionStatus` are never populated. Leaving them in place would suggest the API surfaces data it doesn't actually carry. ## Companion PRs - `datum-cloud/auth-provider-zitadel#81` — corrected to expose raw IP / fingerprint / lastUpdatedAt / userAgent only (no enrichment). - `datum-cloud/graphql-gateway` — new sessions resolver coming next. - `datum-cloud/infra#2268` — auth-provider gateway-call wiring removed; gateway-side MaxMind plumbing retained. ## Test plan - [x] \`task generate:code\` and \`task generate:openapi:identity\` clean. - [x] \`go build ./pkg/apis/...\` clean. - [ ] After this lands and milo cuts \`v0.24.6\`, bump \`go.miloapis.com/milo\` in auth-provider-zitadel to drop the now-stale dependency on the removed fields (no code changes needed there since the auth provider never set them).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds fields for location, client details and last active to the user session. Once this is merged i'll raise a PR for auth-provider-zitadel to populate these fields.