Display application name instead of client ID in device authorization grant message

[mlsmaycon]

Preflight Checklist

• I could not find a solution in the existing issues, docs, nor discussions
• I have joined the ZITADEL chat

Describe your problem

As of today the device authorization flow grant message displays the client ID (see attachment) and there is no way to customize that. know it is not a big issue since the client ID is "public" information, but maybe showing the application name would be a better option or allowing administrators to customize the page as well.

Describe your ideal solution

As an administrator I want my users to see a more friendly information, either the application ID or allow for omiting the client ID from this message.

Version

2.47.0

Environment

Self-hosted

Additional Context

No response

[hifabienne]

Thank you for sharing your idea.
If there is a significant demand from customers/community, we will carefully consider implementing the feature.
Currently, the issue will be added to our product backlog to collect feedback.

Meanwhile, if you're interested in implementing it yourself, we also welcome pull requests.

Relates also to this issue: #6120

[mlsmaycon]

@hifabienne can you direct us to the relevant code for this message, maybe I will be able to contribute?

[hifabienne]

@muhlemmer or @livio-a Can you help here?

[hifabienne]

What I found so far:
HTML Templates:

• Folder: https://github.com/zitadel/zitadel/tree/main/internal/api/ui/login/static/templates
• Device Action: https://github.com/zitadel/zitadel/blob/main/internal/api/ui/login/static/templates/device_action.html
• Device UserCode: https://github.com/zitadel/zitadel/blob/main/internal/api/ui/login/static/templates/device_usercode.html

Go Implementation:

• https://github.com/zitadel/zitadel/blob/main/internal/api/ui/login/device_auth.go

Not sure if thats all that is needed

[muhlemmer]

The pointers that @hifabienne provided are the correct positions to set the name to the rendered HTML. The problem however is that the AuthRequest we get from the storage does not have the name, and therefore it is not available.

You will need to modify the domain.Authrequest to carry the name, and any queries that populate the authrequest to also obtain and set the app name. It might be a complex change.

zitadel/internal/domain/auth_request.go

Lines 12 to 59 in 8f89877

	type AuthRequest struct {
	ID string
	AgentID string
	CreationDate time.Time
	ChangeDate time.Time
	BrowserInfo *BrowserInfo
	ApplicationID string
	CallbackURI string
	TransferState string
	Prompt []Prompt
	PossibleLOAs []LevelOfAssurance
	UiLocales []string
	LoginHint string
	MaxAuthAge *time.Duration
	InstanceID string
	Request Request
	levelOfAssurance LevelOfAssurance
	UserID string
	UserName string
	LoginName string
	DisplayName string
	AvatarKey string
	PresignedAvatar string
	UserOrgID string
	RequestedOrgID string
	RequestedOrgName string
	RequestedPrimaryDomain string
	RequestedOrgDomain bool
	ApplicationResourceOwner string
	PrivateLabelingSetting PrivateLabelingSetting
	SelectedIDPConfigID string
	LinkingUsers []*ExternalUser
	PossibleSteps []NextStep `json:"-"`
	PasswordVerified bool
	MFAsVerified []MFAType
	Audience []string
	AuthTime time.Time
	Code string
	LoginPolicy *LoginPolicy
	AllowedExternalIDPs []*IDPProvider
	LabelPolicy *LabelPolicy
	PrivacyPolicy *PrivacyPolicy
	LockoutPolicy *LockoutPolicy
	DefaultTranslations []*CustomText
	OrgTranslations []*CustomText
	SAMLRequestID string
	}

[vigneshsankariyer1234567890]

Hey, wondering if I could try this out!

[hifabienne]

@mlsmaycon Are you working on this? Or would you be glad if @vigneshsankariyer1234567890 would try to implement?

[mlsmaycon]

@mlsmaycon Are you working on this? Or would you be glad if @vigneshsankariyer1234567890 would try to implement?

I won't be able to do it for a couple of weeks. It would be great if @vigneshsankariyer1234567890 tries.

[hifabienne]

@vigneshsankariyer1234567890
I assigned you to the issue, thanks for your help