Switch to new API

[nikzen]

Description

There is a new API -> https://zitadel.com/docs/apis/resources/user_service_v2/user-service-add-human-user. This API would allow us to combine the create user & add metadata into one api call. It would also remove the nickname workaround, as we will be able to generate our own userId.

userId

• With the old API, the Zitadel userId was generated by Zitadel.
• With the new API, we are able to set our own userID.
• We need to find a rule of how to generate this userId.
• Suggestion: uuidv5-famedly-namespace (organizationId:idpId:user_id)

An example API call might look like this:

CURL
curl -L 'https://$CUSTOM-DOMAIN/v2/users/human' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "userId": "generatedUserId",
  "username": "email",
  "profile": {
    "givenName": "first_name",
    "familyName": "last_name",
    "displayName": "first_name, last_name"
  },
  "email": {
    "email": "email",
    "isVerified": true
  },
  "phone": {
    "phone": "phone",
    "isVerified": true
  },
  "metadata": [
    {
      "key": "localpart",
      "value": "uuidv5(user_id)"
    }
  ],
  "idpLinks": [
    {
      "idpId": "idpId",
      "userId": "user_id",
      "userName": "preferred_username"
    }
  ]
}

Deactivate / delete

Currently, we are using the nickname to search for users so that we can figure out the generated userId and then delete the user. We can remove the search API call, and directly delete all users based on the userId, as we know how the userId looks like. However, if we are in the deactivate-only mode we do not know the userid and have to search for the users, based on the mail address.

[emgrav]

Looks like the Zitadel crate already has support for v2 APIs in versions >=4.0.0:

https://github.com/smartive/zitadel-rust/releases/tag/v4.0.0