feat: add otp name and make it configurable (#5631)

* feat: add otp name and make it configurable * feat: use pre-existing otp env var * feat: use requested domain if otp issuer is empty * cleanup --------- Co-authored-by: Sem den Broeder <semnelldenbroeder@gmail.com> Co-authored-by: Elio Bischof <eliobischof@gmail.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
zitadel · Apr 26, 2023 · 19f2f83 · 19f2f83 · vercel · Apr 26, 2023
1 parent 923f691
commit 19f2f83
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml
@@ -321,6 +321,8 @@ SystemDefaults:
     ApplicationKeySize: 2048
   Multifactors:
     OTP:
+      # If this is empty, the issuer is the requested domain
+      # This is helpful in scenarios with multiple ZITADEL environments or virtual instances
       Issuer: "ZITADEL"
   DomainVerification:
     VerificationGenerator:

diff --git a/internal/command/user_human_otp.go b/internal/command/user_human_otp.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/zitadel/logging"
 
+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
@@ -71,11 +72,14 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string
 	if accountName == "" {
 		accountName = string(human.EmailAddress)
 	}
-	key, secret, err := domain.NewOTPKey(c.multifactors.OTP.Issuer, accountName, c.multifactors.OTP.CryptoMFA)
+	issuer := c.multifactors.OTP.Issuer
+	if issuer == "" {
+		issuer = authz.GetInstance(ctx).RequestedDomain()
+	}
+	key, secret, err := domain.NewOTPKey(issuer, accountName, c.multifactors.OTP.CryptoMFA)
 	if err != nil {
 		return nil, err
 	}
-
 	_, err = c.eventstore.Push(ctx, user.NewHumanOTPAddedEvent(ctx, userAgg, secret))
 	if err != nil {
 		return nil, err