zitadel / zitadel

ZITADEL - Identity infrastructure, simplified for you.
https://zitadel.com
Apache License 2.0

hope to add Dingtalk as an external IdP #7645

Open xianyu-one opened 3 months ago

xianyu-one commented 3 months ago

Describe your problem

Due to the difference between Dingtalk's authentication process and the standard OAuth2, it cannot be directly added using the common method.

Describe your ideal solution

Currently, Casdoor has implemented this feature: https://github.com/casdoor/casdoor/blob/master/idp/dingtalk.go

Also, here is the official documentation for Dingtalk: https://open.dingtalk.com/document/orgapp/obtain-identity-credentials

```mermaid
sequenceDiagram
  participant A as Dingtalk User
  participant B as Third-Party Application
  participant C as Third-Party Application Server
  participant D as Dingtalk Open Platform

  A->>B: Request to log in to the third-party application
  B->>D: Request Dingtalk authorization login
  D->>A: Request user login confirmation
  A->>D: User confirms authorization
  D->>B: Launch the third-party application or redirect to the third party with auth_code
  B->>C: Exchange auth_code for access token
  C->>D: Call API to get access token
  D->>C: Return Token
  C->>D: Call business API
  D->>C: Return business data
```

If needed, I can provide a translation of the official documentation.

Version

v2.42.16

Environment

Self-hosted

Additional Context

No response

hifabienne commented 3 months ago

Thank you for sharing your idea. If there is a significant demand from customers/community, we will carefully consider implementing the feature. Currently, the issue will be added to our product backlog to collect feedback.

Meanwhile, if you're interested in implementing it yourself, we also welcome pull requests.