fix: base distroless sans nonroot pour port 80

.gitignore

@@ -1,3 +1,6 @@
 config.yaml
 .vscode
+.idea/
 __debug_bin
+mobility-accounts
+build/

.gitlab-ci.yml

@@ -0,0 +1,31 @@
+stages:
+  - test
+  - publish
+
+variables:
+  GOLANG_VERSION: "1.25"
+
+default:
+  image: golang:${GOLANG_VERSION}
+
+test:
+  stage: test
+  script:
+    - go test ./...
+
+docker:
+  stage: publish
+  image: docker:latest
+  services:
+    - docker:dind
+  variables:
+    DOCKER_BUILDKIT: "1"
+  before_script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
+    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
+    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG $CI_REGISTRY_IMAGE:latest
+    - docker push $CI_REGISTRY_IMAGE:latest
+  rules:
+    - if: $CI_COMMIT_TAG

.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml

.idea/mobility-accounts.iml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module version="4">
-  <component name="Go" enabled="true" />
-</module>

.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="" vcs="Git" />
-  </component>
-</project>

Dockerfile

@@ -1,28 +1,17 @@
-FROM golang:alpine as builder
+FROM golang:alpine AS builder
 
-ARG ACCESS_TOKEN_USR="nothing"
+WORKDIR /app
-ARG ACCESS_TOKEN_PWD="nothing"
-
-RUN apk add --no-cache ca-certificates tzdata
-
-WORKDIR /
-
-# Create a netrc file using the credentials specified using --build-arg
-RUN printf "machine git.coopgo.io\n\
-    login ${ACCESS_TOKEN_USR}\n\
-    password ${ACCESS_TOKEN_PWD}\n"\
-    >> ~/.netrc
-RUN chmod 600 ~/.netrc
 
 COPY . .
 
-RUN go mod download && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /server
+RUN CGO_ENABLED=0 go build -o /server
+
+FROM gcr.io/distroless/static
+
+WORKDIR /
 
-FROM scratch
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
 COPY --from=builder /server /
-COPY --from=builder /oidc-provider/templates /oidc-provider/templates
+COPY --from=builder /app/oidc-provider/web /web
 
 EXPOSE 8080
 EXPOSE 80

config.go

@@ -7,23 +7,38 @@ import (
 )
 
 func ReadConfig() (*viper.Viper, error) {
+	// defaults := map[string]any{
+	// 	"name":    "COOPGO Mobility Accounts",
+	// 	"dev_env": false,
+	// 	"storage": map[string]any{
+	// 		"db": map[string]any{
+	// 			"type": "psql",
+	// 			"psql": map[string]any{
+	// 				"user":     "postgres",
+	// 				"password": "postgres",
+	// 				"host":     "localhost",
+	// 				"port":     "5432",
+	// 				"dbname":   "coopgo_platform",
+	// 				"sslmode":  "disable",
+	// 				"schema":   "mobilityaccounts",
+	// 				"tables": map[string]any{
+	// 					"accounts":            "accounts",
+	// 					"accounts_auth_local": "accounts_auth_local",
+	// 				},
+	// 			},
+	// 		},
 	defaults := map[string]any{
 		"name":    "COOPGO Mobility Accounts",
 		"dev_env": false,
 		"storage": map[string]any{
 			"db": map[string]any{
-				"type": "psql",
+				"type": "mongodb",
-				"psql": map[string]any{
+				"mongodb": map[string]any{
-					"user":     "postgres",
-					"password": "postgres",
 					"host":    "localhost",
-					"port":     "5432",
+					"port":    "27017",
-					"dbname":   "coopgo_platform",
+					"db_name": "coopgo_platform",
-					"sslmode":  "disable",
+					"collections": map[string]any{
-					"schema":   "mobilityaccounts",
+						"users": "users",
-					"tables": map[string]any{
-						"accounts":            "accounts",
-						"accounts_auth_local": "accounts_auth_local",
 					},
 				},
 			},

examples/grpcclient/go.mod

@@ -1,7 +1,7 @@
-module git.coopgo.io/coopgo-platform/mobility-accounts/examples/grpcclient
+module gitlab.com/mobicoop/solidarity/services/mobility-accounts/examples/grpcclient
 
 require (
-	git.coopgo.io/coopgo-platform/mobility-accounts v0.0.0
+	gitlab.com/mobicoop/solidarity/services/mobility-accounts v0.0.0
 	google.golang.org/grpc v1.48.0
 )
 
@@ -51,6 +51,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.0 // indirect
 )
 
-replace git.coopgo.io/coopgo-platform/mobility-accounts => ../../
+replace gitlab.com/mobicoop/solidarity/services/mobility-accounts => ../../
 
 go 1.18

examples/grpcclient/main.go

@@ -3,23 +3,26 @@ package main
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"io/ioutil"
 	"os"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/grpcapi"
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
 	"google.golang.org/grpc"
 )
 
 func main() {
+	zerolog.TimeFieldFormat = zerolog.TimeFormatUnix
+	log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
 	if len(os.Args) < 2 {
-		fmt.Println("missing JSON file path")
+		log.Error().Msg("missing JSON file path")
 		return
 	}
 	conn, err := grpc.Dial("dns:///localhost:8090", grpc.WithInsecure(), grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy":"round_robin"}`))
 	if err != nil {
-		panic(err)
+		log.Panic().Err(err).Msg("Cannot dial local server")
 	}
 
 	client := grpcapi.NewMobilityAccountsClient(conn)
@@ -46,5 +49,5 @@ func main() {
 		panic(err)
 	}
 
-	fmt.Println(string(jsonresponse))
+	log.Debug().Str("response", string(jsonresponse)).Msg("JSOn response")
 }

go.mod

@@ -1,86 +1,118 @@
-module git.coopgo.io/coopgo-platform/mobility-accounts
+module gitlab.com/mobicoop/solidarity/services/mobility-accounts
 
-go 1.18
+go 1.24
 
 require (
-	ariga.io/atlas v0.10.1
+	ariga.io/atlas v0.31.1-0.20250212144724-069be8033e83
-	github.com/google/uuid v1.3.0
+	github.com/dexidp/dex v0.0.0-20250219130842-7d1a7473c8a0
-	github.com/gorilla/csrf v1.7.1
+	github.com/google/uuid v1.6.0
-	github.com/gorilla/mux v1.8.0
+	github.com/lib/pq v1.10.9
-	github.com/lib/pq v1.10.2
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/ory/fosite v0.42.2
+	github.com/rs/zerolog v1.33.0
 	github.com/santhosh-tekuri/jsonschema/v5 v5.0.0
 	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.10.0
-	go.etcd.io/etcd/client/v3 v3.5.6
+	go.etcd.io/etcd/client/v3 v3.5.18
 	go.mongodb.org/mongo-driver v1.11.4
-	golang.org/x/crypto v0.6.0
+	golang.org/x/crypto v0.33.0
-	google.golang.org/grpc v1.52.0
+	google.golang.org/grpc v1.70.0
-	google.golang.org/protobuf v1.28.1
+	google.golang.org/protobuf v1.36.5
-	gopkg.in/square/go-jose.v2 v2.5.2-0.20210529014059-a5c7eec3c614
 )
 
 require (
+	cloud.google.com/go/auth v0.14.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/AppsFlyer/go-sundheit v0.6.0 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.3.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/agext/levenshtein v1.2.1 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-	github.com/cespare/xxhash v1.1.0 // indirect
+	github.com/beevik/etree v1.5.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bmatcuk/doublestar v1.3.4 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.12.0 // indirect
 	github.com/coreos/go-semver v0.3.0 // indirect
-	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/dgraph-io/ristretto v0.0.3 // indirect
+	github.com/dexidp/dex/api/v2 v2.3.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.10 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/inflect v0.19.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.1 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/google/s2a-go v0.1.9 // indirect
-	github.com/gorilla/websocket v1.4.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.1 // indirect
+	github.com/gorilla/handlers v1.5.2 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/klauspost/compress v1.13.6 // indirect
+	github.com/jonboulle/clockwork v0.2.2 // indirect
+	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/goveralls v0.0.6 // indirect
+	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect
-	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect
-	github.com/ory/go-acc v0.2.6 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/ory/go-convenience v0.1.0 // indirect
-	github.com/ory/viper v1.7.5 // indirect
-	github.com/ory/x v0.0.214 // indirect
-	github.com/pborman/uuid v1.2.0 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.20.5 // indirect
+	github.com/prometheus/client_model v0.6.1 // indirect
+	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/procfs v0.15.1 // indirect
+	github.com/russellhaering/goxmldsig v1.4.0 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
-	github.com/spf13/cobra v1.0.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/tidwall/pretty v1.1.0 // indirect
 	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
 	github.com/xdg-go/scram v1.1.1 // indirect
 	github.com/xdg-go/stringprep v1.0.3 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
+	github.com/zclconf/go-cty v1.14.4 // indirect
-	go.etcd.io/etcd/api/v3 v3.5.6 // indirect
+	github.com/zclconf/go-cty-yaml v1.1.0 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.6 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.18 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.18 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
-	golang.org/x/net v0.6.0 // indirect
+	golang.org/x/exp v0.0.0-20221004215720-b9f4876ce741 // indirect
-	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
+	golang.org/x/oauth2 v0.26.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/tools v0.6.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
-	google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/api v0.221.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250207221924-e9438ea467c6 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
-
-//replace github.com/ory/fosite => ../../../github.com/ory/fosite

grpcapi/accounts.go

@@ -2,9 +2,9 @@ package grpcapi
 
 import (
 	"encoding/json"
-	"fmt"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
+	"github.com/rs/zerolog/log"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/types/known/structpb"
 )
@@ -19,6 +19,7 @@ func (a Account) ToStorageType() storage.Account {
 		ID:        a.Id,
 		Namespace: a.Namespace,
 		Data:      map[string]any{},
+		Metadata:  map[string]any{},
 		Authentication: storage.AccountAuth{
 			Local: localauth,
 		},
@@ -27,7 +28,7 @@ func (a Account) ToStorageType() storage.Account {
 	for k, d := range a.Data.GetFields() {
 		jsondata, err := protojson.Marshal(d)
 		if err != nil {
-			fmt.Println(err)
+			log.Error().Err(err).Msg("")
 			break
 		}
 		var data any
@@ -35,10 +36,33 @@ func (a Account) ToStorageType() storage.Account {
 		account.Data[k] = data
 	}
 
+	for k, d := range a.Metadata.GetFields() {
+		jsondata, err := protojson.Marshal(d)
+		if err != nil {
+			log.Error().Err(err).Msg("")
+			break
+		}
+		var data any
+		json.Unmarshal(jsondata, &data)
+		account.Metadata[k] = data
+	}
+
 	return account
 }
 
 func (lc LocalAuth) ToStorageType() storage.LocalAuth {
+	emailValidation := storage.Validation{}
+	if lc.EmailValidation != nil {
+		emailValidation.Validated = lc.EmailValidation.Validated
+		emailValidation.ValidationCode = lc.EmailValidation.ValidationCode
+	}
+
+	phoneValidation := storage.Validation{}
+	if lc.PhoneNumberValidation != nil {
+		phoneValidation.Validated = lc.PhoneNumberValidation.Validated
+		phoneValidation.ValidationCode = lc.PhoneNumberValidation.ValidationCode
+	}
+
 	return storage.LocalAuth{
 		Username: lc.Username,
 		Password: lc.Password,
@@ -68,7 +92,18 @@ func AccountFromStorageType(account *storage.Account) (*Account, error) {
 
 	data, err := structpb.NewStruct(d)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
+		return nil, err
+	}
+
+	m, err := sanitizeData(account.Metadata)
+	if err != nil {
+		return nil, err
+	}
+
+	metadata, err := structpb.NewStruct(m)
+	if err != nil {
+		log.Error().Err(err).Msg("")
 		return nil, err
 	}
 
@@ -76,6 +111,7 @@ func AccountFromStorageType(account *storage.Account) (*Account, error) {
 		Id:        account.ID,
 		Namespace: account.Namespace,
 		Data:      data,
+		Metadata:  metadata,
 		Authentication: &AccountAuth{
 			Local: lc,
 		},

grpcapi/accounts.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.0
+// 	protoc-gen-go v1.36.7
-// 	protoc        v3.19.6
+// 	protoc        v6.31.1
 // source: accounts.proto
 
 package grpcapi
@@ -12,6 +12,7 @@ import (
 	structpb "google.golang.org/protobuf/types/known/structpb"
 	reflect "reflect"
 	sync "sync"
+	unsafe "unsafe"
 )
 
 const (
@@ -22,23 +23,21 @@ const (
 )
 
 type Account struct {
-	state         protoimpl.MessageState
+	state          protoimpl.MessageState `protogen:"open.v1"`
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
 	Id             string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Namespace      string                 `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
 	Authentication *AccountAuth           `protobuf:"bytes,3,opt,name=authentication,proto3" json:"authentication,omitempty"`
 	Data           *structpb.Struct       `protobuf:"bytes,4,opt,name=data,proto3" json:"data,omitempty"`
+	Metadata       *structpb.Struct       `protobuf:"bytes,5,opt,name=metadata,proto3" json:"metadata,omitempty"`
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
 }
 
 func (x *Account) Reset() {
 	*x = Account{}
-	if protoimpl.UnsafeEnabled {
 	mi := &file_accounts_proto_msgTypes[0]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
-	}
 }
 
 func (x *Account) String() string {
@@ -49,7 +48,7 @@ func (*Account) ProtoMessage() {}
 
 func (x *Account) ProtoReflect() protoreflect.Message {
 	mi := &file_accounts_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -92,21 +91,25 @@ func (x *Account) GetData() *structpb.Struct {
 	return nil
 }
 
-type AccountAuth struct {
+func (x *Account) GetMetadata() *structpb.Struct {
-	state         protoimpl.MessageState
+	if x != nil {
-	sizeCache     protoimpl.SizeCache
+		return x.Metadata
-	unknownFields protoimpl.UnknownFields
+	}
+	return nil
+}
 
+type AccountAuth struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
 	Local         *LocalAuth             `protobuf:"bytes,7,opt,name=local,proto3,oneof" json:"local,omitempty"` //TODO SSO
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
 }
 
 func (x *AccountAuth) Reset() {
 	*x = AccountAuth{}
-	if protoimpl.UnsafeEnabled {
 	mi := &file_accounts_proto_msgTypes[1]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
-	}
 }
 
 func (x *AccountAuth) String() string {
@@ -117,7 +120,7 @@ func (*AccountAuth) ProtoMessage() {}
 
 func (x *AccountAuth) ProtoReflect() protoreflect.Message {
 	mi := &file_accounts_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -140,25 +143,22 @@ func (x *AccountAuth) GetLocal() *LocalAuth {
 }
 
 type LocalAuth struct {
-	state         protoimpl.MessageState
+	state                 protoimpl.MessageState `protogen:"open.v1"`
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
 	Username              *string                `protobuf:"bytes,10,opt,name=username,proto3,oneof" json:"username,omitempty"`
 	Password              string                 `protobuf:"bytes,11,opt,name=password,proto3" json:"password,omitempty"`
 	Email                 *string                `protobuf:"bytes,12,opt,name=email,proto3,oneof" json:"email,omitempty"`
 	PhoneNumber           *string                `protobuf:"bytes,13,opt,name=phone_number,json=phoneNumber,proto3,oneof" json:"phone_number,omitempty"`
 	EmailValidation       *Validation            `protobuf:"bytes,14,opt,name=email_validation,json=emailValidation,proto3,oneof" json:"email_validation,omitempty"`
 	PhoneNumberValidation *Validation            `protobuf:"bytes,15,opt,name=phone_number_validation,json=phoneNumberValidation,proto3,oneof" json:"phone_number_validation,omitempty"`
+	unknownFields         protoimpl.UnknownFields
+	sizeCache             protoimpl.SizeCache
 }
 
 func (x *LocalAuth) Reset() {
 	*x = LocalAuth{}
-	if protoimpl.UnsafeEnabled {
 	mi := &file_accounts_proto_msgTypes[2]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
-	}
 }
 
 func (x *LocalAuth) String() string {
@@ -169,7 +169,7 @@ func (*LocalAuth) ProtoMessage() {}
 
 func (x *LocalAuth) ProtoReflect() protoreflect.Message {
 	mi := &file_accounts_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -227,21 +227,18 @@ func (x *LocalAuth) GetPhoneNumberValidation() *Validation {
 }
 
 type Validation struct {
-	state         protoimpl.MessageState
+	state          protoimpl.MessageState `protogen:"open.v1"`
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
 	Validated      bool                   `protobuf:"varint,20,opt,name=validated,proto3" json:"validated,omitempty"`
 	ValidationCode string                 `protobuf:"bytes,21,opt,name=validation_code,json=validationCode,proto3" json:"validation_code,omitempty"`
+	unknownFields  protoimpl.UnknownFields
+	sizeCache      protoimpl.SizeCache
 }
 
 func (x *Validation) Reset() {
 	*x = Validation{}
-	if protoimpl.UnsafeEnabled {
 	mi := &file_accounts_proto_msgTypes[3]
 	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 	ms.StoreMessageInfo(mi)
-	}
 }
 
 func (x *Validation) String() string {
@@ -252,7 +249,7 @@ func (*Validation) ProtoMessage() {}
 
 func (x *Validation) ProtoReflect() protoreflect.Message {
 	mi := &file_accounts_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@@ -283,73 +280,51 @@ func (x *Validation) GetValidationCode() string {
 
 var File_accounts_proto protoreflect.FileDescriptor
 
-var file_accounts_proto_rawDesc = []byte{
+const file_accounts_proto_rawDesc = "" +
-	0x0a, 0x0e, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	"\n" +
-	0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	"\x0eaccounts.proto\x1a\x1cgoogle/protobuf/struct.proto\"\xcf\x01\n" +
-	0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a,
+	"\aAccount\x12\x0e\n" +
-	0x01, 0x0a, 0x07, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64,
+	"\x02id\x18\x01 \x01(\tR\x02id\x12\x1c\n" +
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61,
+	"\tnamespace\x18\x02 \x01(\tR\tnamespace\x124\n" +
-	0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e,
+	"\x0eauthentication\x18\x03 \x01(\v2\f.AccountAuthR\x0eauthentication\x12+\n" +
-	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x34, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68,
+	"\x04data\x18\x04 \x01(\v2\x17.google.protobuf.StructR\x04data\x123\n" +
-	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+	"\bmetadata\x18\x05 \x01(\v2\x17.google.protobuf.StructR\bmetadata\">\n" +
-	0x32, 0x0c, 0x2e, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x52, 0x0e,
+	"\vAccountAuth\x12%\n" +
-	0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b,
+	"\x05local\x18\a \x01(\v2\n" +
-	0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67,
+	".LocalAuthH\x00R\x05local\x88\x01\x01B\b\n" +
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53,
+	"\x06_local\"\xeb\x02\n" +
-	0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x3e, 0x0a, 0x0b, 0x41,
+	"\tLocalAuth\x12\x1f\n" +
-	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x12, 0x25, 0x0a, 0x05, 0x6c, 0x6f,
+	"\busername\x18\n" +
-	0x63, 0x61, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x4c, 0x6f, 0x63, 0x61,
+	" \x01(\tH\x00R\busername\x88\x01\x01\x12\x1a\n" +
-	0x6c, 0x41, 0x75, 0x74, 0x68, 0x48, 0x00, 0x52, 0x05, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x88, 0x01,
+	"\bpassword\x18\v \x01(\tR\bpassword\x12\x19\n" +
-	0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x22, 0xeb, 0x02, 0x0a, 0x09,
+	"\x05email\x18\f \x01(\tH\x01R\x05email\x88\x01\x01\x12&\n" +
-	0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x08, 0x75, 0x73, 0x65,
+	"\fphone_number\x18\r \x01(\tH\x02R\vphoneNumber\x88\x01\x01\x12;\n" +
-	0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x08, 0x75,
+	"\x10email_validation\x18\x0e \x01(\v2\v.ValidationH\x03R\x0femailValidation\x88\x01\x01\x12H\n" +
-	0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61,
+	"\x17phone_number_validation\x18\x0f \x01(\v2\v.ValidationH\x04R\x15phoneNumberValidation\x88\x01\x01B\v\n" +
-	0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61,
+	"\t_usernameB\b\n" +
-	0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x19, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18,
+	"\x06_emailB\x0f\n" +
-	0x0c, 0x20, 0x01, 0x28, 0x09, 0x48, 0x01, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x88, 0x01,
+	"\r_phone_numberB\x13\n" +
-	0x01, 0x12, 0x26, 0x0a, 0x0c, 0x70, 0x68, 0x6f, 0x6e, 0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65,
+	"\x11_email_validationB\x1a\n" +
-	0x72, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x0b, 0x70, 0x68, 0x6f, 0x6e, 0x65,
+	"\x18_phone_number_validation\"S\n" +
-	0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x88, 0x01, 0x01, 0x12, 0x3b, 0x0a, 0x10, 0x65, 0x6d, 0x61,
+	"\n" +
-	0x69, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0e, 0x20,
+	"Validation\x12\x1c\n" +
-	0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	"\tvalidated\x18\x14 \x01(\bR\tvalidated\x12'\n" +
-	0x48, 0x03, 0x52, 0x0f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
+	"\x0fvalidation_code\x18\x15 \x01(\tR\x0evalidationCodeBCZAgitlab.com/mobicoop/solidarity/services/mobility-accounts/grpcapib\x06proto3"
-	0x69, 0x6f, 0x6e, 0x88, 0x01, 0x01, 0x12, 0x48, 0x0a, 0x17, 0x70, 0x68, 0x6f, 0x6e, 0x65, 0x5f,
-	0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
-	0x6e, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0b, 0x2e, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x48, 0x04, 0x52, 0x15, 0x70, 0x68, 0x6f, 0x6e, 0x65, 0x4e, 0x75, 0x6d,
-	0x62, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x88, 0x01, 0x01,
-	0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x08, 0x0a,
-	0x06, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x70, 0x68, 0x6f, 0x6e,
-	0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x65, 0x6d, 0x61,
-	0x69, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x1a, 0x0a,
-	0x18, 0x5f, 0x70, 0x68, 0x6f, 0x6e, 0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x5f, 0x76,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x53, 0x0a, 0x0a, 0x56, 0x61, 0x6c,
-	0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x61, 0x74, 0x65, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x76, 0x61, 0x6c, 0x69,
-	0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74,
-	0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e,
-	0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x64, 0x65, 0x42, 0x39,
-	0x5a, 0x37, 0x67, 0x69, 0x74, 0x2e, 0x63, 0x6f, 0x6f, 0x70, 0x67, 0x6f, 0x2e, 0x69, 0x6f, 0x2f,
-	0x63, 0x6f, 0x6f, 0x70, 0x67, 0x6f, 0x2d, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f,
-	0x6d, 0x6f, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2d, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x73, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
-}
 
 var (
 	file_accounts_proto_rawDescOnce sync.Once
-	file_accounts_proto_rawDescData = file_accounts_proto_rawDesc
+	file_accounts_proto_rawDescData []byte
 )
 
 func file_accounts_proto_rawDescGZIP() []byte {
 	file_accounts_proto_rawDescOnce.Do(func() {
-		file_accounts_proto_rawDescData = protoimpl.X.CompressGZIP(file_accounts_proto_rawDescData)
+		file_accounts_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_accounts_proto_rawDesc), len(file_accounts_proto_rawDesc)))
 	})
 	return file_accounts_proto_rawDescData
 }
 
 var file_accounts_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_accounts_proto_goTypes = []interface{}{
+var file_accounts_proto_goTypes = []any{
 	(*Account)(nil),         // 0: Account
 	(*AccountAuth)(nil),     // 1: AccountAuth
 	(*LocalAuth)(nil),       // 2: LocalAuth
@@ -359,14 +334,15 @@ var file_accounts_proto_goTypes = []interface{}{
 var file_accounts_proto_depIdxs = []int32{
 	1, // 0: Account.authentication:type_name -> AccountAuth
 	4, // 1: Account.data:type_name -> google.protobuf.Struct
-	2, // 2: AccountAuth.local:type_name -> LocalAuth
+	4, // 2: Account.metadata:type_name -> google.protobuf.Struct
-	3, // 3: LocalAuth.email_validation:type_name -> Validation
+	2, // 3: AccountAuth.local:type_name -> LocalAuth
-	3, // 4: LocalAuth.phone_number_validation:type_name -> Validation
+	3, // 4: LocalAuth.email_validation:type_name -> Validation
-	5, // [5:5] is the sub-list for method output_type
+	3, // 5: LocalAuth.phone_number_validation:type_name -> Validation
-	5, // [5:5] is the sub-list for method input_type
+	6, // [6:6] is the sub-list for method output_type
-	5, // [5:5] is the sub-list for extension type_name
+	6, // [6:6] is the sub-list for method input_type
-	5, // [5:5] is the sub-list for extension extendee
+	6, // [6:6] is the sub-list for extension type_name
-	0, // [0:5] is the sub-list for field type_name
+	6, // [6:6] is the sub-list for extension extendee
+	0, // [0:6] is the sub-list for field type_name
 }
 
 func init() { file_accounts_proto_init() }
@@ -374,63 +350,13 @@ func file_accounts_proto_init() {
 	if File_accounts_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
+	file_accounts_proto_msgTypes[1].OneofWrappers = []any{}
-		file_accounts_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+	file_accounts_proto_msgTypes[2].OneofWrappers = []any{}
-			switch v := v.(*Account); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_accounts_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*AccountAuth); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_accounts_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*LocalAuth); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_accounts_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Validation); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
-	file_accounts_proto_msgTypes[1].OneofWrappers = []interface{}{}
-	file_accounts_proto_msgTypes[2].OneofWrappers = []interface{}{}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_accounts_proto_rawDesc,
+			RawDescriptor: unsafe.Slice(unsafe.StringData(file_accounts_proto_rawDesc), len(file_accounts_proto_rawDesc)),
 			NumEnums:      0,
 			NumMessages:   4,
 			NumExtensions: 0,
@@ -441,7 +367,6 @@ func file_accounts_proto_init() {
 		MessageInfos:      file_accounts_proto_msgTypes,
 	}.Build()
 	File_accounts_proto = out.File
-	file_accounts_proto_rawDesc = nil
 	file_accounts_proto_goTypes = nil
 	file_accounts_proto_depIdxs = nil
 }

grpcapi/accounts.proto

@@ -1,6 +1,6 @@
 syntax = "proto3";
 
-option go_package = "git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi";
+option go_package = "gitlab.com/mobicoop/solidarity/services/mobility-accounts/grpcapi";
 
 import "google/protobuf/struct.proto";
 
@@ -9,6 +9,7 @@ message Account {
     string namespace = 2;
     AccountAuth authentication = 3;
     google.protobuf.Struct data = 4;
+    google.protobuf.Struct metadata = 5;
 }
 
 message AccountAuth {

grpcapi/comasvc.proto

@@ -2,7 +2,7 @@
 
 syntax = "proto3";
 
-option go_package = "git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi";
+option go_package = "gitlab.com/mobicoop/solidarity/services/mobility-accounts/grpcapi";
 
 import "accounts.proto";
 
@@ -14,6 +14,7 @@ service MobilityAccounts {
     rpc GetAccountUsername(GetAccountUsernameRequest) returns (GetAccountUsernameResponse) {}
     rpc GetAccounts(GetAccountsRequest) returns (GetAccountsResponse) {}
     rpc GetAccountsBatch(GetAccountsBatchRequest) returns (GetAccountsBatchResponse) {}
+    rpc DeleteAccount(DeleteAccountRequest) returns (DeleteAccountResponse) {}
 
     // Authentication functions
     rpc Login(LoginRequest) returns (LoginResponse) {}
@@ -96,3 +97,9 @@ message ChangePasswordRequest {
 }
 
 message ChangePasswordResponse {}
+
+message DeleteAccountRequest {
+    string id = 22;
+}
+
+message DeleteAccountResponse {}

grpcapi/comasvc_grpc.pb.go

@@ -1,7 +1,9 @@
+//COMA (COOPGO Mobility Accounts) gRPC service definition
+
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
-// - protoc-gen-go-grpc v1.2.0
+// - protoc-gen-go-grpc v1.5.1
-// - protoc             v3.19.6
+// - protoc             v6.31.1
 // source: comasvc.proto
 
 package grpcapi
@@ -15,8 +17,21 @@ import (
 
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
+// Requires gRPC-Go v1.64.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	MobilityAccounts_Register_FullMethodName           = "/MobilityAccounts/Register"
+	MobilityAccounts_UpdateData_FullMethodName         = "/MobilityAccounts/UpdateData"
+	MobilityAccounts_UpdatePhoneNumber_FullMethodName  = "/MobilityAccounts/UpdatePhoneNumber"
+	MobilityAccounts_GetAccount_FullMethodName         = "/MobilityAccounts/GetAccount"
+	MobilityAccounts_GetAccountUsername_FullMethodName = "/MobilityAccounts/GetAccountUsername"
+	MobilityAccounts_GetAccounts_FullMethodName        = "/MobilityAccounts/GetAccounts"
+	MobilityAccounts_GetAccountsBatch_FullMethodName   = "/MobilityAccounts/GetAccountsBatch"
+	MobilityAccounts_DeleteAccount_FullMethodName      = "/MobilityAccounts/DeleteAccount"
+	MobilityAccounts_Login_FullMethodName              = "/MobilityAccounts/Login"
+	MobilityAccounts_ChangePassword_FullMethodName     = "/MobilityAccounts/ChangePassword"
+)
 
 // MobilityAccountsClient is the client API for MobilityAccounts service.
 //
@@ -29,6 +44,7 @@ type MobilityAccountsClient interface {
 	GetAccountUsername(ctx context.Context, in *GetAccountUsernameRequest, opts ...grpc.CallOption) (*GetAccountUsernameResponse, error)
 	GetAccounts(ctx context.Context, in *GetAccountsRequest, opts ...grpc.CallOption) (*GetAccountsResponse, error)
 	GetAccountsBatch(ctx context.Context, in *GetAccountsBatchRequest, opts ...grpc.CallOption) (*GetAccountsBatchResponse, error)
+	DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...grpc.CallOption) (*DeleteAccountResponse, error)
 	// Authentication functions
 	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
 	ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error)
@@ -43,8 +59,9 @@ func NewMobilityAccountsClient(cc grpc.ClientConnInterface) MobilityAccountsClie
 }
 
 func (c *mobilityAccountsClient) Register(ctx context.Context, in *RegisterRequest, opts ...grpc.CallOption) (*RegisterResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(RegisterResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/Register", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_Register_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -52,8 +69,9 @@ func (c *mobilityAccountsClient) Register(ctx context.Context, in *RegisterReque
 }
 
 func (c *mobilityAccountsClient) UpdateData(ctx context.Context, in *UpdateDataRequest, opts ...grpc.CallOption) (*UpdateDataResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(UpdateDataResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/UpdateData", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_UpdateData_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -61,8 +79,9 @@ func (c *mobilityAccountsClient) UpdateData(ctx context.Context, in *UpdateDataR
 }
 
 func (c *mobilityAccountsClient) UpdatePhoneNumber(ctx context.Context, in *UpdatePhoneNumberRequest, opts ...grpc.CallOption) (*UpdatePhoneNumberResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(UpdatePhoneNumberResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/UpdatePhoneNumber", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_UpdatePhoneNumber_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -70,8 +89,9 @@ func (c *mobilityAccountsClient) UpdatePhoneNumber(ctx context.Context, in *Upda
 }
 
 func (c *mobilityAccountsClient) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...grpc.CallOption) (*GetAccountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetAccountResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/GetAccount", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_GetAccount_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -79,8 +99,9 @@ func (c *mobilityAccountsClient) GetAccount(ctx context.Context, in *GetAccountR
 }
 
 func (c *mobilityAccountsClient) GetAccountUsername(ctx context.Context, in *GetAccountUsernameRequest, opts ...grpc.CallOption) (*GetAccountUsernameResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetAccountUsernameResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/GetAccountUsername", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_GetAccountUsername_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -88,8 +109,9 @@ func (c *mobilityAccountsClient) GetAccountUsername(ctx context.Context, in *Get
 }
 
 func (c *mobilityAccountsClient) GetAccounts(ctx context.Context, in *GetAccountsRequest, opts ...grpc.CallOption) (*GetAccountsResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetAccountsResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/GetAccounts", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_GetAccounts_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -97,8 +119,19 @@ func (c *mobilityAccountsClient) GetAccounts(ctx context.Context, in *GetAccount
 }
 
 func (c *mobilityAccountsClient) GetAccountsBatch(ctx context.Context, in *GetAccountsBatchRequest, opts ...grpc.CallOption) (*GetAccountsBatchResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(GetAccountsBatchResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/GetAccountsBatch", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_GetAccountsBatch_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *mobilityAccountsClient) DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...grpc.CallOption) (*DeleteAccountResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(DeleteAccountResponse)
+	err := c.cc.Invoke(ctx, MobilityAccounts_DeleteAccount_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -106,8 +139,9 @@ func (c *mobilityAccountsClient) GetAccountsBatch(ctx context.Context, in *GetAc
 }
 
 func (c *mobilityAccountsClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(LoginResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/Login", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_Login_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -115,8 +149,9 @@ func (c *mobilityAccountsClient) Login(ctx context.Context, in *LoginRequest, op
 }
 
 func (c *mobilityAccountsClient) ChangePassword(ctx context.Context, in *ChangePasswordRequest, opts ...grpc.CallOption) (*ChangePasswordResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
 	out := new(ChangePasswordResponse)
-	err := c.cc.Invoke(ctx, "/MobilityAccounts/ChangePassword", in, out, opts...)
+	err := c.cc.Invoke(ctx, MobilityAccounts_ChangePassword_FullMethodName, in, out, cOpts...)
 	if err != nil {
 		return nil, err
 	}
@@ -125,7 +160,7 @@ func (c *mobilityAccountsClient) ChangePassword(ctx context.Context, in *ChangeP
 
 // MobilityAccountsServer is the server API for MobilityAccounts service.
 // All implementations must embed UnimplementedMobilityAccountsServer
-// for forward compatibility
+// for forward compatibility.
 type MobilityAccountsServer interface {
 	Register(context.Context, *RegisterRequest) (*RegisterResponse, error)
 	UpdateData(context.Context, *UpdateDataRequest) (*UpdateDataResponse, error)
@@ -134,15 +169,19 @@ type MobilityAccountsServer interface {
 	GetAccountUsername(context.Context, *GetAccountUsernameRequest) (*GetAccountUsernameResponse, error)
 	GetAccounts(context.Context, *GetAccountsRequest) (*GetAccountsResponse, error)
 	GetAccountsBatch(context.Context, *GetAccountsBatchRequest) (*GetAccountsBatchResponse, error)
+	DeleteAccount(context.Context, *DeleteAccountRequest) (*DeleteAccountResponse, error)
 	// Authentication functions
 	Login(context.Context, *LoginRequest) (*LoginResponse, error)
 	ChangePassword(context.Context, *ChangePasswordRequest) (*ChangePasswordResponse, error)
 	mustEmbedUnimplementedMobilityAccountsServer()
 }
 
-// UnimplementedMobilityAccountsServer must be embedded to have forward compatible implementations.
+// UnimplementedMobilityAccountsServer must be embedded to have
-type UnimplementedMobilityAccountsServer struct {
+// forward compatible implementations.
-}
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedMobilityAccountsServer struct{}
 
 func (UnimplementedMobilityAccountsServer) Register(context.Context, *RegisterRequest) (*RegisterResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Register not implemented")
@@ -165,6 +204,9 @@ func (UnimplementedMobilityAccountsServer) GetAccounts(context.Context, *GetAcco
 func (UnimplementedMobilityAccountsServer) GetAccountsBatch(context.Context, *GetAccountsBatchRequest) (*GetAccountsBatchResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetAccountsBatch not implemented")
 }
+func (UnimplementedMobilityAccountsServer) DeleteAccount(context.Context, *DeleteAccountRequest) (*DeleteAccountResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteAccount not implemented")
+}
 func (UnimplementedMobilityAccountsServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Login not implemented")
 }
@@ -172,6 +214,7 @@ func (UnimplementedMobilityAccountsServer) ChangePassword(context.Context, *Chan
 	return nil, status.Errorf(codes.Unimplemented, "method ChangePassword not implemented")
 }
 func (UnimplementedMobilityAccountsServer) mustEmbedUnimplementedMobilityAccountsServer() {}
+func (UnimplementedMobilityAccountsServer) testEmbeddedByValue()                          {}
 
 // UnsafeMobilityAccountsServer may be embedded to opt out of forward compatibility for this service.
 // Use of this interface is not recommended, as added methods to MobilityAccountsServer will
@@ -181,6 +224,13 @@ type UnsafeMobilityAccountsServer interface {
 }
 
 func RegisterMobilityAccountsServer(s grpc.ServiceRegistrar, srv MobilityAccountsServer) {
+	// If the following call pancis, it indicates UnimplementedMobilityAccountsServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
 	s.RegisterService(&MobilityAccounts_ServiceDesc, srv)
 }
 
@@ -194,7 +244,7 @@ func _MobilityAccounts_Register_Handler(srv interface{}, ctx context.Context, de
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/Register",
+		FullMethod: MobilityAccounts_Register_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).Register(ctx, req.(*RegisterRequest))
@@ -212,7 +262,7 @@ func _MobilityAccounts_UpdateData_Handler(srv interface{}, ctx context.Context,
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/UpdateData",
+		FullMethod: MobilityAccounts_UpdateData_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).UpdateData(ctx, req.(*UpdateDataRequest))
@@ -230,7 +280,7 @@ func _MobilityAccounts_UpdatePhoneNumber_Handler(srv interface{}, ctx context.Co
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/UpdatePhoneNumber",
+		FullMethod: MobilityAccounts_UpdatePhoneNumber_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).UpdatePhoneNumber(ctx, req.(*UpdatePhoneNumberRequest))
@@ -248,7 +298,7 @@ func _MobilityAccounts_GetAccount_Handler(srv interface{}, ctx context.Context,
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/GetAccount",
+		FullMethod: MobilityAccounts_GetAccount_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).GetAccount(ctx, req.(*GetAccountRequest))
@@ -266,7 +316,7 @@ func _MobilityAccounts_GetAccountUsername_Handler(srv interface{}, ctx context.C
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/GetAccountUsername",
+		FullMethod: MobilityAccounts_GetAccountUsername_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).GetAccountUsername(ctx, req.(*GetAccountUsernameRequest))
@@ -284,7 +334,7 @@ func _MobilityAccounts_GetAccounts_Handler(srv interface{}, ctx context.Context,
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/GetAccounts",
+		FullMethod: MobilityAccounts_GetAccounts_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).GetAccounts(ctx, req.(*GetAccountsRequest))
@@ -302,7 +352,7 @@ func _MobilityAccounts_GetAccountsBatch_Handler(srv interface{}, ctx context.Con
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/GetAccountsBatch",
+		FullMethod: MobilityAccounts_GetAccountsBatch_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).GetAccountsBatch(ctx, req.(*GetAccountsBatchRequest))
@@ -310,6 +360,24 @@ func _MobilityAccounts_GetAccountsBatch_Handler(srv interface{}, ctx context.Con
 	return interceptor(ctx, in, info, handler)
 }
 
+func _MobilityAccounts_DeleteAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteAccountRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MobilityAccountsServer).DeleteAccount(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: MobilityAccounts_DeleteAccount_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MobilityAccountsServer).DeleteAccount(ctx, req.(*DeleteAccountRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 func _MobilityAccounts_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(LoginRequest)
 	if err := dec(in); err != nil {
@@ -320,7 +388,7 @@ func _MobilityAccounts_Login_Handler(srv interface{}, ctx context.Context, dec f
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/Login",
+		FullMethod: MobilityAccounts_Login_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).Login(ctx, req.(*LoginRequest))
@@ -338,7 +406,7 @@ func _MobilityAccounts_ChangePassword_Handler(srv interface{}, ctx context.Conte
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/MobilityAccounts/ChangePassword",
+		FullMethod: MobilityAccounts_ChangePassword_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(MobilityAccountsServer).ChangePassword(ctx, req.(*ChangePasswordRequest))
@@ -381,6 +449,10 @@ var MobilityAccounts_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetAccountsBatch",
 			Handler:    _MobilityAccounts_GetAccountsBatch_Handler,
 		},
+		{
+			MethodName: "DeleteAccount",
+			Handler:    _MobilityAccounts_DeleteAccount_Handler,
+		},
 		{
 			MethodName: "Login",
 			Handler:    _MobilityAccounts_Login_Handler,

grpcapi/grpcapi.go

@@ -2,11 +2,10 @@ package grpcapi
 
 import (
 	context "context"
-	"fmt"
-	"log"
 	"net"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/handlers"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/handlers"
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
 	"google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
@@ -31,7 +30,7 @@ func (s MobilityAccountsServerImpl) Login(ctx context.Context, req *LoginRequest
 	}
 	response, err := AccountFromStorageType(account)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.Internal, "issue while retrieving account : %v", err)
 	}
 	return &LoginResponse{Account: response}, nil
@@ -40,12 +39,12 @@ func (s MobilityAccountsServerImpl) Register(ctx context.Context, req *RegisterR
 	a := req.Account.ToStorageType()
 	account, err := s.handler.Register(a)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.AlreadyExists, "account creation failed : %v", err)
 	}
 	response, err := AccountFromStorageType(account)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.Internal, "issue while retrieving account : %v", err)
 	}
 	return &RegisterResponse{Account: response}, nil
@@ -58,7 +57,7 @@ func (s MobilityAccountsServerImpl) UpdateData(ctx context.Context, req *UpdateD
 	}
 	response, err := AccountFromStorageType(account)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.Internal, "issue while retrieving account : %v", err)
 	}
 	return &UpdateDataResponse{Account: response}, nil
@@ -78,12 +77,12 @@ func (s MobilityAccountsServerImpl) UpdatePhoneNumber(ctx context.Context, req *
 func (s MobilityAccountsServerImpl) GetAccount(ctx context.Context, req *GetAccountRequest) (*GetAccountResponse, error) {
 	account, err := s.handler.GetAccount(req.Id)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
-		return nil, status.Errorf(codes.AlreadyExists, "issue while retrieving account : %v", err)
+		return nil, status.Errorf(codes.NotFound, "issue while retrieving account : %v", err)
 	}
 	response, err := AccountFromStorageType(account)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.Internal, "issue while retrieving account : %v", err)
 	}
 	return &GetAccountResponse{Account: response}, nil
@@ -91,12 +90,12 @@ func (s MobilityAccountsServerImpl) GetAccount(ctx context.Context, req *GetAcco
 func (s MobilityAccountsServerImpl) GetAccountUsername(ctx context.Context, req *GetAccountUsernameRequest) (*GetAccountUsernameResponse, error) {
 	account, err := s.handler.GetAccountUsername(req.Username, req.Namespace)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
-		return nil, status.Errorf(codes.AlreadyExists, "issue while retrieving account : %v", err)
+		return nil, status.Errorf(codes.NotFound, "issue while retrieving account : %v", err)
 	}
 	response, err := AccountFromStorageType(account)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, status.Errorf(codes.Internal, "issue while retrieving account : %v", err)
 	}
 	return &GetAccountUsernameResponse{Account: response}, nil
@@ -140,6 +139,13 @@ func (s MobilityAccountsServerImpl) ChangePassword(ctx context.Context, req *Cha
 	}
 	return &ChangePasswordResponse{}, nil
 }
+func (s MobilityAccountsServerImpl) DeleteAccount(ctx context.Context, req *DeleteAccountRequest) (*DeleteAccountResponse, error) {
+	err := s.handler.DeleteAccount(req.Id)
+	if err != nil {
+		return nil, status.Errorf(codes.Internal, "failed to delete account: %v", err)
+	}
+	return &DeleteAccountResponse{}, nil
+}
 func (MobilityAccountsServerImpl) mustEmbedUnimplementedMobilityAccountsServer() {}
 
 func Run(done chan error, cfg *viper.Viper, handler handlers.MobilityAccountsHandler) {
@@ -147,13 +153,13 @@ func Run(done chan error, cfg *viper.Viper, handler handlers.MobilityAccountsHan
 		dev_env = cfg.GetBool("dev_env")
 		address = ":" + cfg.GetString("services.grpc.port")
 	)
-	fmt.Println("-> GRPC server on", address)
+	log.Info().Str("address", address).Msg("Running gRPC server")
 
 	server := grpc.NewServer()
 	RegisterMobilityAccountsServer(server, NewMobilityAccountsServer(handler))
 	l, err := net.Listen("tcp", address)
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal().Str("address", address).Err(err).Msg("gRPC server cannot listen")
 	}
 
 	if dev_env {
@@ -161,7 +167,7 @@ func Run(done chan error, cfg *viper.Viper, handler handlers.MobilityAccountsHan
 	}
 
 	if err := server.Serve(l); err != nil {
-		fmt.Println("gRPC service ended")
+		log.Error().Err(err).Msg("gRPC service ended")
 		done <- err
 	}
 }

handlers/accounts.go

@@ -2,12 +2,12 @@ package handlers
 
 import (
 	"errors"
-	"fmt"
 	"strings"
 	"time"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
 	"github.com/google/uuid"
+	"github.com/rs/zerolog/log"
 	"github.com/santhosh-tekuri/jsonschema/v5"
 	"golang.org/x/crypto/bcrypt"
 )
@@ -19,12 +19,12 @@ func (h MobilityAccountsHandler) Login(username string, password string, namespa
 	u := strings.ToLower(username)
 	account, err := h.storage.DB.LocalAuthentication(namespace, &u, nil, nil)
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, err
 	}
 
 	if err = bcrypt.CompareHashAndPassword([]byte(account.Authentication.Local.Password), []byte(password)); err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, err
 	}
 
@@ -46,11 +46,16 @@ func (h MobilityAccountsHandler) Register(account storage.Account) (*storage.Acc
 	}
 	if account.Authentication.Local != nil && account.Authentication.Local.Email != nil {
 		email := strings.ToLower(*account.Authentication.Local.Email)
-		account.Authentication.Local.Username = &email
+		account.Authentication.Local.Email = &email
 	}
 
-	//TODO remove this as we want to handle unicity in storage
 	if account.Authentication.Local != nil {
+		// Check if account with same username/email/phone already exists
+		existing, _ := h.storage.DB.LocalAuthentication(account.Namespace, account.Authentication.Local.Username, account.Authentication.Local.Email, account.Authentication.Local.PhoneNumber)
+		if existing != nil {
+			return nil, errors.New("account with same credentials already exists")
+		}
+
 		// If a password was sent, hash the password
 		if account.Authentication.Local.Password != "" {
 			hashedPassword, err := bcrypt.GenerateFromPassword([]byte(account.Authentication.Local.Password), bcrypt.DefaultCost)
@@ -59,9 +64,6 @@ func (h MobilityAccountsHandler) Register(account storage.Account) (*storage.Acc
 			}
 			account.Authentication.Local.Password = string(hashedPassword)
 		}
-
-		_, _ = h.storage.DB.LocalAuthentication(account.Namespace, account.Authentication.Local.Username, account.Authentication.Local.Email, account.Authentication.Local.PhoneNumber)
-
 	}
 
 	// Validate data schemas
@@ -108,7 +110,7 @@ func (h MobilityAccountsHandler) UpdateData(accountid string, datas map[string]a
 	dataschemas := h.config.GetStringMap("data_schemas")
 	for k, v := range datas {
 		if !h.config.GetBool("allow_any_data") && dataschemas[k] == nil {
-			fmt.Println("data scope not allowed")
+			log.Error().Msg("data scope not allowed")
 			return nil, errors.New("data scope not allowed")
 		}
 
@@ -116,19 +118,19 @@ func (h MobilityAccountsHandler) UpdateData(accountid string, datas map[string]a
 			s := dataschemas[k].(map[string]string)
 			sch, err := jsonschema.Compile(s["schema"])
 			if err != nil {
-				fmt.Println(err)
+				log.Error().Err(err).Msg("")
 				return nil, err
 			}
 
 			if err = sch.Validate(v); err != nil {
-				fmt.Println(err)
+				log.Error().Err(err).Msg("")
 				return nil, err
 			}
 		}
 		account.Data[k] = v
 	}
 	if err = h.storage.DB.UpdateAccount(*account); err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return nil, err
 	}
 
@@ -151,7 +153,7 @@ func (h MobilityAccountsHandler) UpdatePhoneNumber(accountid, phone_number strin
 	account.Authentication.Local.PhoneNumberValidation.ValidationCode = verification_code
 
 	if err = h.storage.DB.UpdateAccount(*account); err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return err
 	}
 
@@ -199,3 +201,7 @@ func (h MobilityAccountsHandler) ChangePassword(accountid string, newpassword st
 
 	return nil
 }
+
+func (h MobilityAccountsHandler) DeleteAccount(id string) error {
+	return h.storage.DB.DeleteAccount(id)
+}

handlers/handlers.go

@@ -1,7 +1,7 @@
 package handlers
 
 import (
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
 	"github.com/spf13/viper"
 )
 

main.go

@@ -1,12 +1,14 @@
 package main
 
 import (
-	"fmt"
+	"os"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/grpcapi"
-	"git.coopgo.io/coopgo-platform/mobility-accounts/handlers"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/handlers"
-	op "git.coopgo.io/coopgo-platform/mobility-accounts/oidc-provider"
+	op "gitlab.com/mobicoop/solidarity/services/mobility-accounts/oidc-provider"
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
 )
 
 func main() {
@@ -22,20 +24,22 @@ func main() {
 		dev_env              = cfg.GetBool("dev_env")
 	)
 
+	if dev_env {
+		log.Logger = log.Output(zerolog.ConsoleWriter{Out: os.Stderr})
+	}
+
 	storage, err := storage.NewStorage(cfg)
 	if err != nil {
-		panic(err)
+		log.Panic().Err(err).Msg("Cannot connect to storage")
+		return
 	}
 
 	handler := handlers.NewHandler(cfg, storage)
 
-	fmt.Println("Running", service_name, ":")
-	if dev_env {
-		fmt.Printf("\033]0;%s\007", service_name)
-	}
-
 	failed := make(chan error)
 
+	log.Info().Str("service_name", service_name).Msg("Running service")
+
 	if grpc_enable {
 		go grpcapi.Run(failed, cfg, handler)
 	}
@@ -46,6 +50,6 @@ func main() {
 
 	err = <-failed
 
-	fmt.Println("Terminating :", err)
+	log.Fatal().Err(err).Msg("Terminating server")
 
 }

oidc-provider/connector/connector.go

@@ -0,0 +1,151 @@
+package connector
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log/slog"
+
+	"github.com/dexidp/dex/connector"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/handlers"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
+)
+
+// Config is the connector configuration used by Dex's ConnectorConfig interface.
+// Fields are injected in-process (not via JSON unmarshaling).
+type Config struct {
+	Handler   *handlers.MobilityAccountsHandler
+	Storage   storage.Storage
+	Namespace string
+}
+
+// Open satisfies server.ConnectorConfig. It returns a Connector that implements
+// connector.PasswordConnector and connector.RefreshConnector.
+func (c *Config) Open(id string, logger *slog.Logger) (connector.Connector, error) {
+	if c.Handler == nil {
+		return nil, fmt.Errorf("mobilityaccounts connector: handler is nil")
+	}
+	return &Connector{
+		handler:   c.Handler,
+		storage:   c.Storage,
+		namespace: c.Namespace,
+		logger:    logger,
+	}, nil
+}
+
+// Connector bridges Dex authentication to the mobility-accounts handler.
+// It implements connector.PasswordConnector and connector.RefreshConnector.
+type Connector struct {
+	handler   *handlers.MobilityAccountsHandler
+	storage   storage.Storage
+	namespace string
+	logger    *slog.Logger
+}
+
+// Prompt returns the label displayed on the password form input.
+func (c *Connector) Prompt() string { return "Email" }
+
+// Login authenticates a user via the mobility-accounts handler and maps the
+// account data to a Dex Identity with standard OIDC claims.
+func (c *Connector) Login(ctx context.Context, s connector.Scopes, username, password string) (connector.Identity, bool, error) {
+	account, err := c.handler.Login(username, password, c.namespace)
+	if err != nil {
+		// Invalid credentials: return validPassword=false, no error
+		return connector.Identity{}, false, nil
+	}
+
+	c.logger.Info("connector login", "account_id", account.ID, "data_keys", dataKeys(account.Data), "groups_raw", fmt.Sprintf("%T: %v", account.Data["groups"], account.Data["groups"]))
+
+	identity := buildIdentity(account)
+	c.logger.Info("connector identity", "groups", identity.Groups, "email", identity.Email, "username", identity.Username)
+	return identity, true, nil
+}
+
+// Refresh is called when a client uses a refresh token. It reloads the account
+// from storage to reflect any changes since the last authentication.
+func (c *Connector) Refresh(ctx context.Context, s connector.Scopes, identity connector.Identity) (connector.Identity, error) {
+	account, err := c.storage.DB.GetAccount(identity.UserID)
+	if err != nil {
+		return identity, fmt.Errorf("mobilityaccounts connector: refresh failed: %w", err)
+	}
+
+	return buildIdentity(account), nil
+}
+
+// buildIdentity maps a mobility-accounts Account to a Dex connector.Identity.
+// Dex maps Identity.Username to the "name" OIDC claim and
+// Identity.PreferredUsername to the "preferred_username" claim.
+func buildIdentity(account *storage.Account) connector.Identity {
+	displayName := getStringData(account, "display_name")
+	if displayName == "" {
+		displayName = derefString(account.Authentication.Local.Username)
+	}
+	return connector.Identity{
+		UserID:            account.ID,
+		Username:          displayName,
+		PreferredUsername: derefString(account.Authentication.Local.Username),
+		Email:             getStringData(account, "email"),
+		EmailVerified:     true,
+		Groups:            getGroups(account),
+		ConnectorData:     nil,
+	}
+}
+
+// dataKeys returns the keys of a map for debug logging.
+func dataKeys(m map[string]any) []string {
+	keys := make([]string, 0, len(m))
+	for k := range m {
+		keys = append(keys, k)
+	}
+	return keys
+}
+
+// derefString safely dereferences a *string, returning "" if nil.
+func derefString(s *string) string {
+	if s == nil {
+		return ""
+	}
+	return *s
+}
+
+// getStringData retrieves a string value from account.Data by key.
+func getStringData(account *storage.Account, key string) string {
+	if account.Data == nil {
+		return ""
+	}
+	v, ok := account.Data[key]
+	if !ok {
+		return ""
+	}
+	s, ok := v.(string)
+	if !ok {
+		return ""
+	}
+	return s
+}
+
+// getGroups retrieves the groups slice from account.Data["groups"].
+// Uses JSON round-tripping to handle any BSON/primitive type from MongoDB.
+func getGroups(account *storage.Account) []string {
+	if account.Data == nil {
+		return []string{}
+	}
+	v, ok := account.Data["groups"]
+	if !ok || v == nil {
+		return []string{}
+	}
+
+	// JSON round-trip handles primitive.A, []interface{}, []string, etc.
+	b, err := json.Marshal(v)
+	if err != nil {
+		return []string{}
+	}
+	var groups []string
+	if err := json.Unmarshal(b, &groups); err != nil {
+		return []string{}
+	}
+	if groups == nil {
+		return []string{}
+	}
+	return groups
+}

oidc-provider/endpoints_auth.go

@@ -1,101 +0,0 @@
-package op
-
-import (
-	"fmt"
-	"html/template"
-	"net/http"
-	"time"
-
-	"github.com/gorilla/csrf"
-	"github.com/gorilla/mux"
-	"github.com/ory/fosite"
-	"github.com/ory/fosite/handler/openid"
-	"github.com/ory/fosite/token/jwt"
-)
-
-func (op *OIDCHandler) AuthEndpoint(w http.ResponseWriter, r *http.Request) {
-	namespace := mux.Vars(r)["namespace"]
-	oauth2Provider := op.NamespaceProviders[namespace]
-	templates_dir := op.config.Namespaces[namespace].TemplatesDir
-
-	t := template.New("auth")
-	t = template.Must(t.ParseFiles(
-		templates_dir + "/auth.html",
-	))
-
-	ctx := r.Context()
-	ar, err := oauth2Provider.NewAuthorizeRequest(ctx, r)
-	if err != nil {
-		oauth2Provider.WriteAuthorizeError(w, ar, err)
-		return
-	}
-
-	if r.Method == "POST" {
-		if r.Form.Get("username") == "" || r.Form.Get("password") == "" {
-			oauth2Provider.WriteAuthorizeError(w, ar, fosite.ErrAccessDenied)
-			return
-		}
-
-		account, err := op.handler.Login(r.Form.Get("username"), r.Form.Get("password"), namespace)
-		if err != nil {
-			if err = t.ExecuteTemplate(w, "auth", map[string]any{
-				csrf.TemplateTag: csrf.TemplateField(r),
-				"error":          fmt.Sprintf("Wrong username (%v) or password (%v) in namespace \"%v\"", r.Form.Get("username"), r.Form.Get("password"), namespace),
-				"realError":      err,
-			}); err != nil {
-				oauth2Provider.WriteAuthorizeError(w, ar, err)
-			}
-			return
-		}
-
-		sessionData := &openid.DefaultSession{
-			Claims: &jwt.IDTokenClaims{
-				Issuer:      fmt.Sprintf("%s://%s/%s", op.Protocol, r.Host, namespace),
-				Subject:     account.ID,
-				Audience:    []string{},
-				ExpiresAt:   time.Now().Add(time.Hour * 30),
-				IssuedAt:    time.Now(),
-				RequestedAt: time.Now(),
-				AuthTime:    time.Now(),
-				Extra:       make(map[string]interface{}),
-			},
-			Username: r.Form.Get("username"),
-			Subject:  account.ID,
-			Headers: &jwt.Headers{
-				Extra: make(map[string]interface{}),
-			},
-		}
-
-		// Manage claims
-		for _, v := range ar.GetRequestedScopes() {
-			ar.GrantScope(v)
-
-			if v != "openid" { // TODO handle standard claims like profile, email, ...
-				if mc, ok := op.config.Namespaces[namespace].MatchClaims[v]; ok {
-					if d, ok := account.Data[mc]; ok {
-						sessionData.Claims.Extra[v] = d
-					}
-				} else if d, ok := account.Data[v]; ok {
-					sessionData.Claims.Extra[v] = d
-				}
-			}
-		}
-
-		response, err := oauth2Provider.NewAuthorizeResponse(ctx, ar, sessionData)
-		if err != nil {
-			oauth2Provider.WriteAuthorizeError(w, ar, err)
-			return
-		}
-
-		oauth2Provider.WriteAuthorizeResponse(w, ar, response)
-		return
-	}
-
-	err = t.ExecuteTemplate(w, "auth", map[string]any{
-		// csrf.TemplateTag: csrf.TemplateField(r),
-	})
-
-	if err != nil {
-		panic(err)
-	}
-}

oidc-provider/endpoints_introspection.go

@@ -1,26 +0,0 @@
-package op
-
-import (
-	"log"
-	"net/http"
-
-	"github.com/gorilla/mux"
-	"github.com/ory/fosite"
-)
-
-func (op *OIDCHandler) IntrospectionEndpoint(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Access-Control-Allow-Origin", "*")
-	namespace := mux.Vars(r)["namespace"]
-	oauth2Provider := op.NamespaceProviders[namespace]
-
-	ctx := r.Context()
-	mySessionData := new(fosite.DefaultSession)
-	ir, err := oauth2Provider.NewIntrospectionRequest(ctx, r, mySessionData)
-	if err != nil {
-		log.Printf("Error occurred in NewIntrospectionRequest: %+v", err)
-		oauth2Provider.WriteIntrospectionError(w, err)
-		return
-	}
-
-	oauth2Provider.WriteIntrospectionResponse(w, ir)
-}

oidc-provider/endpoints_token.go

@@ -1,41 +0,0 @@
-package op
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/gorilla/mux"
-	"github.com/ory/fosite/handler/openid"
-)
-
-func (op *OIDCHandler) TokenEndpoint(w http.ResponseWriter, req *http.Request) {
-	w.Header().Set("Access-Control-Allow-Origin", "*")
-	namespace := mux.Vars(req)["namespace"]
-	provider := op.NamespaceProviders[namespace]
-
-	ctx := req.Context()
-
-	mySessionData := openid.NewDefaultSession()
-
-	accessRequest, err := provider.NewAccessRequest(ctx, req, mySessionData)
-	if err != nil {
-		fmt.Printf("Error occurred in NewAccessRequest: %+v", err)
-		provider.WriteAccessError(w, accessRequest, err)
-		return
-	}
-
-	if accessRequest.GetGrantTypes().ExactOne("client_credentials") {
-		for _, scope := range accessRequest.GetRequestedScopes() {
-			accessRequest.GrantScope(scope)
-		}
-	}
-
-	response, err := provider.NewAccessResponse(ctx, accessRequest)
-	if err != nil {
-		fmt.Printf("Error occurred in NewAccessResponse: %+v", err)
-		provider.WriteAccessError(w, accessRequest, err)
-		return
-	}
-
-	provider.WriteAccessResponse(w, accessRequest, response)
-}

oidc-provider/endpoints_userinfo.go

@@ -1,8 +0,0 @@
-package op
-
-import "net/http"
-
-func (op *OIDCHandler) UserinfoEndpoint(w http.ResponseWriter, req *http.Request) {
-	// TODO
-	w.WriteHeader(http.StatusNotFound)
-}

oidc-provider/endpoints_wellknown.go

@@ -1,63 +0,0 @@
-package op
-
-import (
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/gorilla/mux"
-	"gopkg.in/square/go-jose.v2"
-)
-
-func (op *OIDCHandler) WellKnownOIDCEndpoint(w http.ResponseWriter, r *http.Request) {
-
-	var (
-		host      = r.Host
-		namespace = mux.Vars(r)["namespace"]
-		protocol  = op.Protocol
-		issuer    = fmt.Sprintf("%s://%s/%s", protocol, host, namespace)
-	)
-
-	response := map[string]any{
-		"issuer":                                issuer,
-		"authorization_endpoint":                issuer + "/auth",
-		"token_endpoint":                        issuer + "/token",
-		"userinfo_endpoint":                     issuer + "/userinfo",
-		"id_token_signing_alg_values_supported": []string{"RS256"},
-		"grant_types_supported":                 []string{"authorization_code", "implicit", "client_credentials", "refresh_token"},
-		"response_types":                        []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
-		"response_modes_supported":              []string{"query", "fragment"},
-		"jwks_uri":                              issuer + "/.well-known/jwks.json",
-	}
-
-	json, err := json.Marshal(response)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(http.StatusOK)
-	w.Write(json)
-}
-
-func (op *OIDCHandler) WellKnownJWKSEndpoint(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Content-Type", "application/json")
-	jwks := &jose.JSONWebKeySet{
-		Keys: []jose.JSONWebKey{
-			{
-				KeyID: "kid-foo",
-				Use:   "sig",
-				Key:   &op.PrivateKey.PublicKey,
-			},
-		},
-	}
-
-	jsonJwks, err := json.Marshal(jwks)
-	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
-	}
-
-	w.WriteHeader(http.StatusOK)
-	w.Write(jsonJwks)
-}

oidc-provider/fosite.go

@@ -1,565 +0,0 @@
-package op
-
-import (
-	"context"
-	"crypto/rsa"
-	"errors"
-	"reflect"
-	"time"
-
-	"git.coopgo.io/coopgo-platform/mobility-accounts/handlers"
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
-	"github.com/mitchellh/mapstructure"
-	"github.com/ory/fosite"
-	"github.com/ory/fosite/compose"
-	"github.com/ory/fosite/handler/openid"
-	"gopkg.in/square/go-jose.v2"
-)
-
-func NewProvider(c OIDCNamespaceConfig, h handlers.MobilityAccountsHandler, s storage.Storage, privateKey *rsa.PrivateKey) fosite.OAuth2Provider {
-
-	config := &compose.Config{}
-	storage := NewOIDCProviderStore(c, h, s.KV)
-	secret := []byte(c.SecretKey)
-	return compose.ComposeAllEnabled(config, storage, secret, privateKey)
-}
-
-type OIDCProviderStore struct {
-	Namespace               string
-	MobilityAccountsHandler handlers.MobilityAccountsHandler
-	KV                      storage.KVStore
-	Clients                 map[string]fosite.Client
-}
-
-func NewOIDCProviderStore(c OIDCNamespaceConfig, h handlers.MobilityAccountsHandler, storage storage.KVStore) *OIDCProviderStore {
-	clients := map[string]fosite.Client{}
-
-	for _, v := range c.Clients {
-		client := &fosite.DefaultClient{
-			ID:            v.ID,
-			Secret:        []byte(v.Secret),
-			RedirectURIs:  v.RedirectURIs,
-			ResponseTypes: v.ResponseTypes,
-			GrantTypes:    v.GrantTypes,
-			Scopes:        v.Scopes,
-			Audience:      v.Audience,
-			Public:        v.Public,
-		}
-
-		if v.OIDC {
-			oidc_client := &fosite.DefaultOpenIDConnectClient{
-				DefaultClient:           client,
-				TokenEndpointAuthMethod: v.TokenEndpointAuthMethod,
-			}
-			clients[v.ID] = oidc_client
-		} else {
-			clients[v.ID] = client
-		}
-	}
-
-	return &OIDCProviderStore{
-		MobilityAccountsHandler: h,
-		KV:                      storage,
-		Clients:                 clients,
-	}
-}
-
-func (s *OIDCProviderStore) GetClient(_ context.Context, id string) (fosite.Client, error) {
-	cl, ok := s.Clients[id]
-	if !ok {
-		return nil, fosite.ErrNotFound
-	}
-	return cl, nil
-}
-
-func (s *OIDCProviderStore) Authenticate(_ context.Context, name string, secret string) error {
-	_, err := s.MobilityAccountsHandler.Login(name, secret, s.Namespace)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) CreateOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) error {
-	err := s.KV.Put("id_sessions/"+authorizeCode, requester)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error) {
-	d, err := s.KV.Get("id_sessions/" + authorizeCode)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-	//return d.(fosite.Requester), nil
-
-	return DecodeRequest(d)
-
-	// req := fosite.NewRequest()
-	// req.Session = new(openid.DefaultSession)
-
-	// decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-	// 	Metadata: nil,
-	// 	DecodeHook: mapstructure.ComposeDecodeHookFunc(
-	// 		ToTimeHookFunc()),
-	// 	Result: &req,
-	// })
-	// if err != nil {
-	// 	return req, err
-	// }
-	// if err = decoder.Decode(d); err != nil {
-	// 	return req, err
-	// }
-
-	// return req, nil
-}
-
-// DeleteOpenIDConnectSession is not really called from anywhere and it is deprecated.
-func (s *OIDCProviderStore) DeleteOpenIDConnectSession(_ context.Context, authorizeCode string) error {
-	err := s.KV.Delete("id_sessions/" + authorizeCode)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) ClientAssertionJWTValid(_ context.Context, jti string) error {
-	if _, exists := s.KV.Get("blacklisted_jtis/" + jti); exists == nil {
-		return fosite.ErrJTIKnown
-	}
-
-	return nil
-}
-
-func (s *OIDCProviderStore) SetClientAssertionJWT(_ context.Context, jti string, exp time.Time) error {
-
-	if _, exists := s.KV.Get("blacklisted_jtis/" + jti); exists == nil {
-		return fosite.ErrJTIKnown
-	}
-
-	duration := exp.Sub(time.Now())
-
-	if duration < 0 {
-		return errors.New("already expired")
-	}
-
-	err := s.KV.PutWithTTL("blacklisted_jtis/"+jti, true, duration)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) CreateAuthorizeCodeSession(_ context.Context, code string, req fosite.Requester) error {
-	res := StoreAuthorizeCode{
-		Active:    true,
-		Requester: req.(*fosite.Request),
-	}
-	err := s.KV.Put("authorize_codes/"+code, res)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetAuthorizeCodeSession(_ context.Context, code string, _ fosite.Session) (fosite.Requester, error) {
-	rel, err := s.KV.Get("authorize_codes/" + code)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-
-	sac, err := DecodeStoreAuthorizeCode(rel)
-	if err != nil {
-		return nil, err
-	}
-
-	if !sac.Active {
-		return sac.Requester, fosite.ErrInvalidatedAuthorizeCode
-	}
-
-	return sac.Requester, nil
-}
-
-func (s *OIDCProviderStore) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error {
-	rel, err := s.KV.Get("authorize_codes/" + code)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-
-	sac, err := DecodeStoreAuthorizeCode(rel)
-	if err != nil {
-		return err
-	}
-
-	sac.Active = false
-	err = s.KV.Put("authorize_codes/"+code, sac)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) CreatePKCERequestSession(_ context.Context, code string, req fosite.Requester) error {
-	err := s.KV.Put("pkce/"+code, req)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetPKCERequestSession(_ context.Context, code string, _ fosite.Session) (fosite.Requester, error) {
-	rel, err := s.KV.Get("pkce/" + code)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-
-	req := fosite.NewRequest()
-	req.Session = new(fosite.DefaultSession)
-
-	decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-		Metadata: nil,
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			ToTimeHookFunc()),
-		Result: &req,
-	})
-	if err != nil {
-		return req, err
-	}
-	if err = decoder.Decode(rel); err != nil {
-		return req, err
-	}
-
-	return req, nil
-}
-
-func (s *OIDCProviderStore) DeletePKCERequestSession(_ context.Context, code string) error {
-	err := s.KV.Delete("pkce/" + code)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) CreateAccessTokenSession(_ context.Context, signature string, req fosite.Requester) error {
-	err := s.KV.Put("access_tokens/"+signature, req)
-	if err != nil {
-		return err
-	}
-	err = s.KV.Put("access_tokens_request_ids/"+req.GetID(), signature)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetAccessTokenSession(_ context.Context, signature string, _ fosite.Session) (fosite.Requester, error) {
-	rel, err := s.KV.Get("access_tokens/" + signature)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-	//return rel.(fosite.Requester), nil
-	req := fosite.NewRequest()
-	req.Session = new(fosite.DefaultSession)
-
-	decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-		Metadata: nil,
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			ToTimeHookFunc()),
-		Result: &req,
-	})
-	if err != nil {
-		return req, err
-	}
-	if err = decoder.Decode(rel); err != nil {
-		return req, err
-	}
-
-	return req, nil
-}
-
-func (s *OIDCProviderStore) DeleteAccessTokenSession(_ context.Context, signature string) error {
-	err := s.KV.Delete("access_tokens/" + signature)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) CreateRefreshTokenSession(_ context.Context, signature string, req fosite.Requester) error {
-
-	err := s.KV.Put("refresh_tokens/"+signature, StoreRefreshToken{Active: true, Requester: req})
-	if err != nil {
-		return err
-	}
-	err = s.KV.Put("refresh_tokens_request_ids/"+req.GetID(), signature)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetRefreshTokenSession(_ context.Context, signature string, _ fosite.Session) (fosite.Requester, error) {
-	rel, err := s.KV.Get("refresh_tokens/" + signature)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-	var srt StoreRefreshToken
-	if err = mapstructure.Decode(rel.(map[string]any), &srt); err != nil {
-		return nil, err
-	}
-	if !srt.Active {
-		return nil, fosite.ErrInactiveToken
-	}
-	return srt.Requester, nil
-}
-
-func (s *OIDCProviderStore) DeleteRefreshTokenSession(_ context.Context, signature string) error {
-	err := s.KV.Delete("refresh_tokens/" + signature)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) RevokeRefreshToken(ctx context.Context, requestID string) error {
-
-	if signature, err := s.KV.Get("refresh_tokens_request_ids" + requestID); err == nil {
-		rel, err := s.KV.Get("refresh_tokens/" + signature.(string))
-		if err != nil {
-			return fosite.ErrNotFound
-		}
-		var srt StoreRefreshToken
-		if err = mapstructure.Decode(rel.(map[string]any), &srt); err != nil {
-			return err
-		}
-		srt.Active = false
-
-		err = s.KV.Put("refresh_tokens/"+signature.(string), srt)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error {
-	// no configuration option is available; grace period is not available with memory store
-	return s.RevokeRefreshToken(ctx, requestID)
-}
-
-func (s *OIDCProviderStore) RevokeAccessToken(ctx context.Context, requestID string) error {
-	if signature, err := s.KV.Get("access_tokens_request_ids/" + requestID); err != nil {
-		if err := s.DeleteAccessTokenSession(ctx, signature.(string)); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (s *OIDCProviderStore) GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error) {
-	if issuerKeys, err := s.KV.Get("issuer_public_keys/" + issuer); err == nil {
-		var ipk IssuerPublicKeys
-		if err = mapstructure.Decode(issuerKeys.(map[string]any), &ipk); err != nil {
-			return nil, err
-		}
-		if subKeys, ok := ipk.KeysBySub[subject]; ok {
-			if keyScopes, ok := subKeys.Keys[keyId]; ok {
-				return keyScopes.Key, nil
-			}
-		}
-	}
-
-	return nil, fosite.ErrNotFound
-}
-func (s *OIDCProviderStore) GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error) {
-
-	if issuerKeys, err := s.KV.Get("issuer_public_keys/" + issuer); err == nil {
-		var ipk IssuerPublicKeys
-		if err = mapstructure.Decode(issuerKeys.(map[string]any), &ipk); err != nil {
-			return nil, err
-		}
-		if subKeys, ok := ipk.KeysBySub[subject]; ok {
-			if len(subKeys.Keys) == 0 {
-				return nil, fosite.ErrNotFound
-			}
-
-			keys := make([]jose.JSONWebKey, 0, len(subKeys.Keys))
-			for _, keyScopes := range subKeys.Keys {
-				keys = append(keys, *keyScopes.Key)
-			}
-
-			return &jose.JSONWebKeySet{Keys: keys}, nil
-		}
-	}
-
-	return nil, fosite.ErrNotFound
-}
-
-func (s *OIDCProviderStore) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error) {
-
-	if issuerKeys, err := s.KV.Get("issuer_public_keys/" + issuer); err == nil {
-		var ipk IssuerPublicKeys
-		if err = mapstructure.Decode(issuerKeys.(map[string]any), &ipk); err != nil {
-			return nil, err
-		}
-		if subKeys, ok := ipk.KeysBySub[subject]; ok {
-			if keyScopes, ok := subKeys.Keys[keyId]; ok {
-				return keyScopes.Scopes, nil
-			}
-		}
-	}
-
-	return nil, fosite.ErrNotFound
-}
-
-func (s *OIDCProviderStore) IsJWTUsed(ctx context.Context, jti string) (bool, error) {
-	err := s.ClientAssertionJWTValid(ctx, jti)
-	if err != nil {
-		return true, nil
-	}
-
-	return false, nil
-}
-
-func (s *OIDCProviderStore) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error {
-	return s.SetClientAssertionJWT(ctx, jti, exp)
-}
-
-// CreatePARSession stores the pushed authorization request context. The requestURI is used to derive the key.
-func (s *OIDCProviderStore) CreatePARSession(ctx context.Context, requestURI string, request fosite.AuthorizeRequester) error {
-	err := s.KV.Put("par_sessions/"+requestURI, request)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// GetPARSession gets the push authorization request context. If the request is nil, a new request object
-// is created. Otherwise, the same object is updated.
-func (s *OIDCProviderStore) GetPARSession(ctx context.Context, requestURI string) (fosite.AuthorizeRequester, error) {
-	rel, err := s.KV.Get("par_sessions/" + requestURI)
-	if err != nil {
-		return nil, fosite.ErrNotFound
-	}
-
-	return rel.(fosite.AuthorizeRequester), nil
-}
-
-// DeletePARSession deletes the context.
-func (s *OIDCProviderStore) DeletePARSession(ctx context.Context, requestURI string) error {
-	err := s.KV.Delete("par_sessions/" + requestURI)
-	if err != nil {
-		return fosite.ErrNotFound
-	}
-	return nil
-}
-
-type StoreAuthorizeCode struct {
-	Active    bool            `json:"active"`
-	Requester *fosite.Request `json:"requester"`
-}
-
-func DecodeStoreAuthorizeCode(rel interface{}) (StoreAuthorizeCode, error) {
-	sac := StoreAuthorizeCode{
-		Active:    false,
-		Requester: fosite.NewRequest(),
-	}
-	// metadata := mapstructure.Metadata{}
-	sac.Requester.Session = new(openid.DefaultSession)
-	decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-		// Metadata: &metadata,
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			ToTimeHookFunc(),
-			ToBytes(),
-		),
-		TagName: "json",
-		Result:  &sac,
-	})
-	if err != nil {
-		return sac, err
-	}
-	if err = decoder.Decode(rel); err != nil {
-		return sac, err
-	}
-	return sac, nil
-}
-
-func DecodeRequest(rel interface{}) (*fosite.Request, error) {
-	req := fosite.NewRequest()
-	req.Session = new(openid.DefaultSession)
-	decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
-		// Metadata: &metadata,
-		DecodeHook: mapstructure.ComposeDecodeHookFunc(
-			ToTimeHookFunc(),
-			ToBytes(),
-		),
-		TagName: "json",
-		Result:  &req,
-	})
-	if err != nil {
-		return req, err
-	}
-	if err = decoder.Decode(rel); err != nil {
-		return req, err
-	}
-	return req, nil
-}
-
-type StoreRefreshToken struct {
-	Active    bool
-	Requester fosite.Requester
-}
-
-type IssuerPublicKeys struct {
-	Issuer    string
-	KeysBySub map[string]SubjectPublicKeys `mapstructure:"keys_by_sub"`
-}
-
-type SubjectPublicKeys struct {
-	Subject string
-	Keys    map[string]PublicKeyScopes
-}
-
-type PublicKeyScopes struct {
-	Key    *jose.JSONWebKey
-	Scopes []string
-}
-
-func ToTimeHookFunc() mapstructure.DecodeHookFunc {
-	return func(
-		f reflect.Type,
-		t reflect.Type,
-		data interface{}) (interface{}, error) {
-		if t != reflect.TypeOf(time.Time{}) {
-			return data, nil
-		}
-
-		switch f.Kind() {
-		case reflect.String:
-			return time.Parse(time.RFC3339, data.(string))
-		case reflect.Float64:
-			return time.Unix(0, int64(data.(float64))*int64(time.Millisecond)), nil
-		case reflect.Int64:
-			return time.Unix(0, data.(int64)*int64(time.Millisecond)), nil
-		default:
-			return data, nil
-		}
-		// Convert it by parsing
-	}
-}
-
-func ToBytes() mapstructure.DecodeHookFunc {
-	return func(
-		f reflect.Type,
-		t reflect.Type,
-		data interface{}) (interface{}, error) {
-
-		if t == reflect.TypeOf([]byte("")) && f.Kind() == reflect.String {
-			return []byte(data.(string)), nil
-		}
-
-		return data, nil
-	}
-}

oidc-provider/oidc-provider.go

@@ -1,24 +1,33 @@
 package op
 
 import (
-	"crypto/rand"
+	"context"
-	"crypto/rsa"
 	"fmt"
+	"log/slog"
+	"net/http"
+	"os"
+	"time"
 
-	"git.coopgo.io/coopgo-platform/mobility-accounts/handlers"
+	"github.com/dexidp/dex/server"
-	"git.coopgo.io/coopgo-platform/mobility-accounts/storage"
+	dexstorage "github.com/dexidp/dex/storage"
+	"github.com/dexidp/dex/storage/memory"
 	"github.com/mitchellh/mapstructure"
-	"github.com/ory/fosite"
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/handlers"
+	maconnector "gitlab.com/mobicoop/solidarity/services/mobility-accounts/oidc-provider/connector"
+	"gitlab.com/mobicoop/solidarity/services/mobility-accounts/storage"
 )
 
+// OIDCConfig holds the full OIDC provider configuration, decoded from viper.
 type OIDCConfig struct {
 	Enable     bool
-	CSRFKey    bool `mapstructure:"csrf_key"`
+	Port       string
-	Port       bool
+	BaseURL    string `mapstructure:"base_url"`
 	Namespaces map[string]OIDCNamespaceConfig
 }
 
+// OIDCNamespaceConfig holds per-namespace OIDC settings.
 type OIDCNamespaceConfig struct {
 	Namespace    string
 	SecretKey    string            `mapstructure:"secret_key"`
@@ -27,6 +36,7 @@ type OIDCNamespaceConfig struct {
 	Clients      []OIDCClient
 }
 
+// OIDCClient represents a static OIDC client.
 type OIDCClient struct {
 	ID            string
 	OIDC          bool
@@ -41,60 +51,137 @@ type OIDCClient struct {
 	TokenEndpointAuthMethod string `mapstructure:"token_endpoint_auth_method"`
 }
 
-type OIDCHandler struct {
+// NewDexServer creates an http.ServeMux that hosts one Dex OIDC server per namespace.
-	NamespaceProviders map[string]fosite.OAuth2Provider
+// Each namespace is mounted at /{namespaceName}/ and has its own storage, clients,
-	config             OIDCConfig
+// and connector instance.
-	handler            handlers.MobilityAccountsHandler
+func NewDexServer(handler *handlers.MobilityAccountsHandler, stor storage.Storage, cfg *viper.Viper) (*http.ServeMux, error) {
-	Protocol           string //HTTP (dev env) or HTTPS
+	var oidcConfig OIDCConfig
-	PrivateKey         *rsa.PrivateKey
+	mapstructure.Decode(cfg.Get("services.oidc_provider").(map[string]any), &oidcConfig)
-}
-
-func NewOIDCHandler(h handlers.MobilityAccountsHandler, storage storage.Storage, config *viper.Viper) *OIDCHandler {
-	var oidc_config OIDCConfig
-
-	mapstructure.Decode(config.Get("services.oidc_provider").(map[string]any), &oidc_config)
-
-	providers := map[string]fosite.OAuth2Provider{}
-
-	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		return nil
-	}
-
-	for _, c := range oidc_config.Namespaces {
-		np := NewProvider(c, h, storage, privateKey)
-
-		providers[c.Namespace] = np
-	}
 
+	baseURL := oidcConfig.BaseURL
+	if baseURL == "" {
 		protocol := "https"
-	if config.GetBool("dev_env") {
+		if cfg.GetBool("dev_env") {
 			protocol = "http"
 		}
-
+		baseURL = fmt.Sprintf("%s://0.0.0.0:%s", protocol, cfg.GetString("services.oidc_provider.port"))
-	return &OIDCHandler{
-		config:             oidc_config,
-		handler:            h,
-		NamespaceProviders: providers,
-		Protocol:           protocol,
-		PrivateKey:         privateKey,
 	}
+
+	mux := http.NewServeMux()
+	logger := slog.New(slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: slog.LevelInfo}))
+
+	// Register our custom connector type in Dex's global registry
+	server.ConnectorsConfig["mobilityaccounts"] = func() server.ConnectorConfig {
+		return &maconnector.Config{
+			Handler:   handler,
+			Storage:   stor,
+			Namespace: "", // will be set per-namespace below
+		}
+	}
+
+	for nsName, nsCfg := range oidcConfig.Namespaces {
+		dexServer, err := createNamespaceDexServer(handler, stor, nsCfg, nsName, baseURL, logger)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create Dex server for namespace %q: %w", nsName, err)
+		}
+
+		prefix := "/" + nsName
+		mux.Handle(prefix+"/", dexServer)
+	}
+
+	return mux, nil
 }
 
-func Run(done chan error, cfg *viper.Viper, handler handlers.MobilityAccountsHandler, storage storage.Storage) {
+// createNamespaceDexServer builds a single Dex server.Server for one namespace.
-	var (
+func createNamespaceDexServer(handler *handlers.MobilityAccountsHandler, stor storage.Storage, nsCfg OIDCNamespaceConfig, nsName, baseURL string, logger *slog.Logger) (*server.Server, error) {
-		address = "0.0.0.0:" + cfg.GetString("services.oidc_provider.port")
+	ctx := context.Background()
-	)
 
-	fmt.Println("-> OIDC provider endpoints on", address)
+	// In-memory Dex storage
+	dexStore := memory.New(logger)
 
-	s := NewOIDCHandler(handler, storage, cfg)
+	// Register static clients
+	clients := buildDexClients(nsCfg.Clients)
+	dexStore = dexstorage.WithStaticClients(dexStore, clients)
 
-	err := NewOIDCServer(s, cfg)
+	// Register the connector — we override ConnectorsConfig factory for this namespace
-
+	// so that Open() will get the right handler/storage/namespace.
-	if err != nil {
+	server.ConnectorsConfig["mobilityaccounts"] = func() server.ConnectorConfig {
-		fmt.Println("OIDC server ended")
+		return &maconnector.Config{
+			Handler:   handler,
+			Storage:   stor,
+			Namespace: nsCfg.Namespace,
+		}
 	}
 
+	conn := dexstorage.Connector{
+		ID:   "mobilityaccounts",
+		Type: "mobilityaccounts",
+		Name: "Mobility Accounts",
+	}
+	dexStore = dexstorage.WithStaticConnectors(dexStore, []dexstorage.Connector{conn})
+
+	issuer := fmt.Sprintf("%s/%s", baseURL, nsName)
+
+	// Determine web config
+	webCfg := server.WebConfig{
+		Dir:    "/web",
+		Issuer: nsName,
+	}
+
+	// Dex v2.42 manages signing keys internally via storage.
+	dexServer, err := server.NewServer(ctx, server.Config{
+		Issuer:             issuer,
+		Storage:            dexStore,
+		SkipApprovalScreen: true,
+		IDTokensValidFor:   30 * time.Hour,
+		Web:                webCfg,
+		Logger:             logger,
+		Now:                time.Now,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to create Dex server: %w", err)
+	}
+
+	return dexServer, nil
+}
+
+// buildDexClients converts the config OIDCClient list to Dex storage.Client list.
+func buildDexClients(clients []OIDCClient) []dexstorage.Client {
+	dexClients := make([]dexstorage.Client, 0, len(clients))
+	for _, c := range clients {
+		dexClients = append(dexClients, dexstorage.Client{
+			ID:           c.ID,
+			Secret:       c.Secret,
+			RedirectURIs: c.RedirectURIs,
+			Public:       c.Public,
+			Name:         c.ID,
+		})
+	}
+	return dexClients
+}
+
+// Run starts the OIDC provider HTTP server. Called from main.go as a goroutine.
+func Run(done chan error, cfg *viper.Viper, handler handlers.MobilityAccountsHandler, stor storage.Storage) {
+	address := "0.0.0.0:" + cfg.GetString("services.oidc_provider.port")
+	log.Info().Str("address", address).Msg("Running Dex OIDC provider")
+
+	mux, err := NewDexServer(&handler, stor, cfg)
+	if err != nil {
+		log.Error().Err(err).Msg("Failed to create Dex OIDC server")
+		done <- err
+		return
+	}
+
+	srv := &http.Server{
+		Handler:      mux,
+		Addr:         address,
+		WriteTimeout: 15 * time.Second,
+		ReadTimeout:  15 * time.Second,
+	}
+
+	err = srv.ListenAndServe()
+	if err != nil {
+		log.Error().Err(err).Msg("Dex OIDC server ended")
+	}
 	done <- err
 }

oidc-provider/server.go

@@ -1,40 +0,0 @@
-package op
-
-import (
-	"net/http"
-	"time"
-
-	"github.com/gorilla/csrf"
-	"github.com/gorilla/mux"
-	"github.com/spf13/viper"
-)
-
-func NewOIDCServer(oidc_handler *OIDCHandler, cfg *viper.Viper) error {
-	var (
-		dev_env = cfg.GetBool("dev_env")
-		address = "0.0.0.0:" + cfg.GetString("services.oidc_provider.port")
-		//csrf_key = cfg.GetString("services.oidc_provider.csrf_key")
-	)
-
-	router := mux.NewRouter()
-	router.HandleFunc("/{namespace}/auth", oidc_handler.AuthEndpoint)
-	router.HandleFunc("/{namespace}/token", oidc_handler.TokenEndpoint)
-	router.HandleFunc("/{namespace}/introspect", oidc_handler.IntrospectionEndpoint)
-	router.HandleFunc("/{namespace}/userinfo", oidc_handler.UserinfoEndpoint)
-	router.HandleFunc("/{namespace}/.well-known/openid-configuration", oidc_handler.WellKnownOIDCEndpoint)
-	router.HandleFunc("/{namespace}/.well-known/jwks.json", oidc_handler.WellKnownJWKSEndpoint)
-
-	if dev_env {
-		csrf.Secure(false)
-	}
-
-	srv := &http.Server{
-		Handler:      router,
-		Addr:         address,
-		WriteTimeout: 15 * time.Second,
-		ReadTimeout:  15 * time.Second,
-	}
-	err := srv.ListenAndServe()
-
-	return err
-}

oidc-provider/web/robots.txt

@@ -0,0 +1,2 @@
+User-agent: *
+Disallow: /

oidc-provider/web/static/main.css

@@ -0,0 +1 @@
+/* Mobicoop Solidaire — static styles are inlined in header.html */

oidc-provider/web/templates/approval.html

@@ -0,0 +1,22 @@
+{{ template "header.html" . }}
+
+    <h2>Autorisation</h2>
+
+    <p style="text-align:center; font-size:0.875rem; margin-bottom:1rem;">
+      <strong>{{ .Client }}</strong> souhaite acceder a votre compte.
+    </p>
+
+    {{ if .Scopes }}
+    <p style="font-size:0.875rem;">Permissions demandees :</p>
+    <ul class="scopes-list">
+      {{ range $s := .Scopes }}
+      <li>{{ $s }}</li>
+      {{ end }}
+    </ul>
+    {{ end }}
+
+    <form method="POST" action="{{ .Approval }}">
+      <button type="submit" class="btn-primary">Autoriser</button>
+    </form>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/device.html

@@ -0,0 +1,21 @@
+{{ template "header.html" . }}
+
+    <h2>Connexion appareil</h2>
+
+    {{ if .Invalid }}
+    <div class="error-box">
+      Code invalide. Veuillez reessayer.
+    </div>
+    {{ end }}
+
+    <form method="POST" action="{{ .PostURL }}">
+      <div class="form-group">
+        <label for="user_code">Code utilisateur</label>
+        <input required id="user_code" name="user_code" type="text"
+               {{ if .UserCode }}value="{{ .UserCode }}"{{ end }}
+               placeholder="XXXX-XXXX" autofocus>
+      </div>
+      <button type="submit" class="btn-primary">Valider</button>
+    </form>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/device_success.html

@@ -0,0 +1,9 @@
+{{ template "header.html" . }}
+
+    <h2>Appareil connecte</h2>
+
+    <p style="text-align:center; font-size:0.875rem;">
+      Votre appareil <strong>{{ .ClientName }}</strong> est maintenant connecte. Vous pouvez fermer cette page.
+    </p>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/error.html

@@ -0,0 +1,14 @@
+{{ template "header.html" . }}
+
+    <h2>Erreur</h2>
+
+    <div class="error-box">
+      {{ if .ErrType }}<strong>{{ .ErrType }}</strong><br>{{ end }}
+      {{ if .ErrMsg }}{{ .ErrMsg }}{{ else }}Une erreur inattendue est survenue.{{ end }}
+    </div>
+
+    <div class="link-center">
+      <a href="javascript:history.back()">Retour</a>
+    </div>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/footer.html

@@ -0,0 +1,3 @@
+  </div>
+</body>
+</html>

oidc-provider/web/templates/header.html

@@ -0,0 +1,161 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{ issuer }} - Connexion</title>
+  <link rel="preconnect" href="https://fonts.googleapis.com">
+  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+  <link href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700&display=swap" rel="stylesheet">
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+    body {
+      font-family: 'Poppins', sans-serif;
+      background-color: #f9fafb;
+      color: #1f2937;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+
+    .card {
+      background: #fff;
+      border-radius: 1rem;
+      box-shadow: 0 1px 3px rgba(0,0,0,0.08);
+      padding: 2.5rem 2rem;
+      width: 100%;
+      max-width: 28rem;
+      margin: 1rem;
+    }
+
+    .logo {
+      display: block;
+      margin: 0 auto 1.5rem;
+      max-width: 200px;
+      height: auto;
+    }
+
+    h2 {
+      text-align: center;
+      font-size: 1.5rem;
+      font-weight: 600;
+      color: #243887;
+      margin-bottom: 1.5rem;
+    }
+
+    .form-group { margin-bottom: 1rem; }
+
+    label {
+      display: block;
+      font-size: 0.875rem;
+      font-weight: 500;
+      color: #374151;
+      margin-bottom: 0.25rem;
+    }
+
+    input[type="text"],
+    input[type="email"],
+    input[type="password"] {
+      width: 100%;
+      padding: 0.625rem 0.875rem;
+      border: 1px solid #d1d5db;
+      border-radius: 1rem;
+      font-family: 'Poppins', sans-serif;
+      font-size: 0.875rem;
+      outline: none;
+      transition: border-color 0.15s;
+    }
+
+    input[type="text"]:focus,
+    input[type="email"]:focus,
+    input[type="password"]:focus {
+      border-color: #243887;
+      box-shadow: 0 0 0 2px rgba(36,56,135,0.15);
+    }
+
+    .btn-primary {
+      display: block;
+      width: 100%;
+      padding: 0.625rem;
+      background-color: #243887;
+      color: #fff;
+      border: none;
+      border-radius: 1rem;
+      font-family: 'Poppins', sans-serif;
+      font-size: 0.875rem;
+      font-weight: 600;
+      cursor: pointer;
+      transition: background-color 0.15s;
+      margin-top: 1.25rem;
+    }
+
+    .btn-primary:hover { background-color: #1c2d6e; }
+
+    .error-box {
+      background-color: #fef2f2;
+      border: 1px solid #fecaca;
+      color: #991b1b;
+      padding: 0.75rem 1rem;
+      border-radius: 0.75rem;
+      font-size: 0.8125rem;
+      margin-bottom: 1rem;
+    }
+
+    .link-center {
+      text-align: center;
+      margin-top: 1rem;
+    }
+
+    .link-center a {
+      color: #243887;
+      font-size: 0.8125rem;
+      text-decoration: none;
+      font-weight: 500;
+    }
+
+    .link-center a:hover { text-decoration: underline; }
+
+    .back-link {
+      text-align: center;
+      margin-top: 0.75rem;
+    }
+
+    .back-link a {
+      color: #6b7280;
+      font-size: 0.8125rem;
+      text-decoration: none;
+    }
+
+    .back-link a:hover { text-decoration: underline; }
+
+    .connector-list { list-style: none; }
+
+    .connector-list li { margin-bottom: 0.5rem; }
+
+    .connector-list a {
+      display: block;
+      text-align: center;
+      padding: 0.625rem;
+      background-color: #243887;
+      color: #fff;
+      border-radius: 1rem;
+      text-decoration: none;
+      font-weight: 600;
+      font-size: 0.875rem;
+      transition: background-color 0.15s;
+    }
+
+    .connector-list a:hover { background-color: #1c2d6e; }
+
+    .scopes-list {
+      list-style: disc;
+      padding-left: 1.5rem;
+      margin: 1rem 0;
+      font-size: 0.875rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">

oidc-provider/web/templates/login.html

@@ -0,0 +1,18 @@
+{{ template "header.html" . }}
+
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 240 48" class="logo">
+      <text x="50%" y="50%" dominant-baseline="central" text-anchor="middle"
+            font-family="Poppins, sans-serif" font-weight="700" font-size="18" fill="#243887">
+        Mobicoop Solidaire
+      </text>
+    </svg>
+
+    <h2>Connexion</h2>
+
+    <ul class="connector-list">
+    {{ range $c := .Connectors }}
+      <li><a href="{{ $c.URL }}">{{ $c.Name }}</a></li>
+    {{ end }}
+    </ul>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/oob.html

@@ -0,0 +1,13 @@
+{{ template "header.html" . }}
+
+    <h2>Code d'autorisation</h2>
+
+    <p style="text-align:center; font-size:0.875rem; margin-bottom:1rem;">
+      Copiez ce code dans votre application :
+    </p>
+
+    <div style="text-align:center; font-size:1.25rem; font-weight:600; color:#243887; background:#f3f4f6; padding:1rem; border-radius:0.75rem; font-family:monospace;">
+      {{ .Code }}
+    </div>
+
+{{ template "footer.html" . }}

oidc-provider/web/templates/password.html

@@ -0,0 +1,41 @@
+{{ template "header.html" . }}
+
+    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 240 48" class="logo">
+      <text x="50%" y="50%" dominant-baseline="central" text-anchor="middle"
+            font-family="Poppins, sans-serif" font-weight="700" font-size="18" fill="#243887">
+        Mobicoop Solidaire
+      </text>
+    </svg>
+
+    <h2>Connexion</h2>
+
+    {{ if .Invalid }}
+    <div class="error-box">
+      Identifiant ou mot de passe incorrect.
+    </div>
+    {{ end }}
+
+    <form method="POST" action="{{ .PostURL }}">
+      <div class="form-group">
+        <label for="login">{{ .UsernamePrompt }}</label>
+        <input tabindex="1" required id="login" name="login" type="email"
+               placeholder="email@exemple.fr"
+               {{ if .Username }}value="{{ .Username }}"{{ else }}autofocus{{ end }}>
+      </div>
+
+      <div class="form-group">
+        <label for="password">Mot de passe</label>
+        <input tabindex="2" required id="password" name="password" type="password"
+               placeholder="mot de passe" {{ if .Invalid }}autofocus{{ end }}>
+      </div>
+
+      <button tabindex="3" type="submit" class="btn-primary">Se connecter</button>
+    </form>
+
+    {{ if .BackLink }}
+    <div class="back-link">
+      <a href="{{ .BackLink }}">Choisir une autre methode de connexion</a>
+    </div>
+    {{ end }}
+
+{{ template "footer.html" . }}

oidc-provider/web/themes/light/styles.css

@@ -0,0 +1 @@
+/* Mobicoop Solidaire theme — styles are inlined in header.html */

storage/accounts.go

@@ -6,6 +6,7 @@ type Account struct {
 	Authentication AccountAuth    `json:"-" bson:"authentication"`
 	Data           map[string]any `json:"data"`
 	Metadata       map[string]any `json:"metadata"`
+	Deleted        bool           `json:"deleted" bson:"deleted"`
 }
 
 type AccountAuth struct {

storage/mongodb.go

@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/mongo"
@@ -71,15 +72,15 @@ func (s MongoDBStorage) LocalAuthentication(namespace string, username *string,
 	account := &Account{}
 
 	if username != nil {
-		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.username": username}).Decode(account); err != nil {
+		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.username": *username}).Decode(account); err != nil {
 			return nil, err
 		}
 	} else if email != nil {
-		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.email": email}).Decode(account); err != nil {
+		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.email": *email}).Decode(account); err != nil {
 			return nil, err
 		}
 	} else if phone_number != nil {
-		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.phone_number": phone_number}).Decode(account); err != nil {
+		if err := collection.FindOne(context.TODO(), bson.M{"namespace": namespace, "authentication.local.phone_number": *phone_number}).Decode(account); err != nil {
 			return nil, err
 		}
 	} else {
@@ -185,7 +186,21 @@ func (s MongoDBStorage) CreateAccount(account Account) error {
 func (s MongoDBStorage) UpdateAccount(account Account) error {
 	collection := s.Client.Database(s.DbName).Collection(s.Collections["users"])
 	if _, err := collection.ReplaceOne(context.TODO(), bson.M{"_id": account.ID}, account); err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
+		return err
+	}
+
+	return nil
+}
+
+func (s MongoDBStorage) DeleteAccount(id string) error {
+	collection := s.Client.Database(s.DbName).Collection(s.Collections["users"])
+	update := bson.M{
+		"$set":   bson.M{"deleted": true},
+		"$unset": bson.M{"authentication": ""},
+	}
+	if _, err := collection.UpdateOne(context.TODO(), bson.M{"_id": id}, update); err != nil {
+		log.Error().Err(err).Msg("")
 		return err
 	}
 
@@ -193,6 +208,6 @@ func (s MongoDBStorage) UpdateAccount(account Account) error {
 }
 
 func (s MongoDBStorage) Migrate() error {
-	fmt.Println("no migration")
+	log.Error().Msg("no migration")
 	return nil
 }

storage/mongodb_test.go

@@ -1,118 +0,0 @@
-package storage
-
-import (
-	"testing"
-
-	"github.com/google/uuid"
-	"github.com/spf13/viper"
-	"github.com/stretchr/testify/require"
-)
-
-var cfg2 *viper.Viper
-
-func init() {
-	cfg2 = viper.New()
-	cfg2.SetDefault("storage.db.mongodb.host", "localhost")
-	cfg2.SetDefault("storage.db.mongodb.port", "27017")
-	cfg2.SetDefault("storage.db.mongodb.user", "mongodb")
-	cfg2.SetDefault("storage.db.mongodb.db_name", "mobilityaccounts_tests")
-	cfg2.SetDefault("storage.db.mongodb.sslmode", "disable")
-	cfg2.SetDefault("storage.db.mongodb.collections.users", "users")
-	cfg2.SetConfigName("config") // Define values in config.yaml
-	cfg2.AddConfigPath(".")
-	cfg2.ReadInConfig()
-}
-
-func TestMongoDBStorage_CreateAndGetAccount(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-	err = db.CreateAccount(account1)
-	require.NoError(t, err)
-
-	result, err := db.GetAccount(account1.ID)
-	require.NoError(t, err)
-
-	require.Equal(t, &account1, result)
-}
-func TestMongoDBStorage_CreateAndGetAccountNoAuth(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	err = db.CreateAccount(account3)
-	require.NoError(t, err)
-
-	result, err := db.GetAccount(account3.ID)
-	require.NoError(t, err)
-
-	require.Equal(t, &account3, result)
-}
-
-func TestMongoDBStorage_UpdateAccount(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	err = db.CreateAccount(account2)
-	require.NoError(t, err)
-
-	modified := account2
-	modified.Authentication.Local.Email = Ptr("modifiedtest@test.com")
-	modified.Data["key1"] = "modeifiedvalue"
-	modified.Data["addedkey"] = "addedvalue"
-	modified.Metadata["addedmetadatakey"] = "addedmetadatavalue"
-	err = db.UpdateAccount(modified)
-	require.NoError(t, err)
-
-	result, err := db.GetAccount(account2.ID)
-	require.NoError(t, err)
-
-	require.Equal(t, &modified, result)
-}
-
-func TestMongoDBStorage_LocalAuthentication(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	_, err = db.LocalAuthentication(account1.Namespace, account1.Authentication.Local.Username, nil, nil)
-	require.NoError(t, err)
-
-	_, err = db.LocalAuthentication(account1.Namespace, nil, account1.Authentication.Local.Email, nil)
-	require.NoError(t, err)
-
-	_, err = db.LocalAuthentication(account1.Namespace, nil, nil, account1.Authentication.Local.PhoneNumber)
-	require.NoError(t, err)
-}
-
-func TestMongoDBStorage_GetAccounts(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	accounts, err := db.GetAccounts([]string{account1.Namespace, account3.Namespace})
-	require.NoError(t, err)
-
-	for _, account := range accounts {
-		require.Contains(t, []string{account1.Namespace, account3.Namespace}, account.Namespace)
-	}
-}
-
-func TestMongoDBsqlStorage_GetAccountsByIds(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	accounts, err := db.GetAccountsByIds([]string{account2.ID, account3.ID})
-	require.NoError(t, err)
-
-	for _, account := range accounts {
-		require.Contains(t, []string{account2.ID, account3.ID}, account.ID)
-	}
-}
-
-func TestMongoDBStorage_CreateAlreadyExistingCredentials(t *testing.T) {
-	db, err := NewMongoDBStorage(cfg2)
-	require.NoError(t, err)
-
-	modified := account1
-	modified.ID = uuid.NewString() // Change the ID to make as if it was a new one
-
-	err = db.CreateAccount(modified)
-	require.Error(t, err)
-}

storage/postgresql.go

@@ -13,6 +13,7 @@ import (
 	"ariga.io/atlas/sql/schema"
 	"github.com/lib/pq"
 	_ "github.com/lib/pq"
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
 )
 
@@ -38,12 +39,12 @@ func NewPostgresqlStorage(cfg *viper.Viper) (PostgresqlStorage, error) {
 	psqlconn := fmt.Sprintf("host=%s port=%d user=%s password=%s dbname=%s sslmode=%s", host, portInt, user, password, dbname, sslmode)
 	db, err := sql.Open("postgres", psqlconn)
 	if err != nil {
-		fmt.Println("error", err)
+		log.Error().Err(err).Msg("error opening postgresql connection")
 		return PostgresqlStorage{}, fmt.Errorf("connection to postgresql failed")
 	}
 	err = db.Ping()
 	if err != nil {
-		fmt.Println(err)
+		log.Error().Err(err).Msg("")
 		return PostgresqlStorage{}, fmt.Errorf("connection to postgresql database failed")
 	}
 	return PostgresqlStorage{
@@ -129,7 +130,7 @@ func (psql PostgresqlStorage) LocalAuthentication(namespace string, username *st
 		req += fmt.Sprintf(` AND phone_number = '%s'`, *phone_number)
 	}
 	req += ";"
-	fmt.Println(req)
+
 	account.Authentication.Local = &LocalAuth{}
 	err := psql.DbConnection.QueryRow(req).Scan(
 		&account.ID,
@@ -145,22 +146,22 @@ func (psql PostgresqlStorage) LocalAuthentication(namespace string, username *st
 	}
 	err = json.Unmarshal(metadata, &account.Metadata)
 	if err != nil {
-		fmt.Println("one")
+		log.Error().Err(err).Msg("error unmarshalling account metadata")
 		return nil, err
 	}
 	err = json.Unmarshal(data, &account.Data)
 	if err != nil {
-		fmt.Println("two")
+		log.Error().Err(err).Msg("error unmarshalling account data")
 		return nil, err
 	}
 	err = json.Unmarshal(emailValidation, &account.Authentication.Local.EmailValidation)
 	if err != nil {
-		fmt.Println("three")
+		log.Error().Err(err).Msg("error unmarshalling email validation")
 		return nil, err
 	}
 	err = json.Unmarshal(phoneValidation, &account.Authentication.Local.PhoneNumberValidation)
 	if err != nil {
-		fmt.Println("four")
+		log.Error().Err(err).Msg("error unmarshalling phone validation")
 		return nil, err
 	}
 	return account, nil
@@ -419,6 +420,34 @@ func (psql PostgresqlStorage) UpdateAccount(account Account) error {
 	return nil
 }
 
+func (psql PostgresqlStorage) DeleteAccount(id string) error {
+	tx, err := psql.DbConnection.BeginTx(context.Background(), nil)
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+
+	// Delete authentication info
+	req := fmt.Sprintf(`DELETE FROM %s WHERE account_id = $1`, psql.Tables["accounts_auth_local"])
+	_, err = tx.Exec(req, id)
+	if err != nil {
+		return err
+	}
+
+	// Mark account as deleted
+	req = fmt.Sprintf(`UPDATE %s SET deleted = true WHERE id = $1`, psql.Tables["accounts"])
+	_, err = tx.Exec(req, id)
+	if err != nil {
+		return err
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (psql PostgresqlStorage) Migrate() error {
 	ctx := context.Background()
 	driver, err := postgres.Open(psql.DbConnection)

storage/postgresql/schema.hcl

@@ -16,6 +16,11 @@ table "accounts" {
     null = true
     type = jsonb
   }
+  column "deleted" {
+    null = true
+    type = boolean
+    default = false
+  }
   primary_key {
     columns = [column.id]
   }

storage/postgresql_test.go

@@ -1,225 +0,0 @@
-package storage
-
-import (
-	"context"
-	"fmt"
-	"reflect"
-	"testing"
-
-	"github.com/google/uuid"
-	_ "github.com/lib/pq"
-	"github.com/spf13/viper"
-)
-
-var cfg *viper.Viper
-
-func init() {
-	cfg = viper.New()
-	cfg.SetDefault("storage.db.psql.host", "localhost")
-	cfg.SetDefault("storage.db.psql.port", "5432")
-	cfg.SetDefault("storage.db.psql.user", "postgres")
-	cfg.SetDefault("storage.db.psql.password", "postgres")
-	cfg.SetDefault("storage.db.psql.dbname", "coopgo_platform")
-	cfg.SetDefault("storage.db.psql.sslmode", "disable")
-	cfg.SetDefault("storage.db.psql.schema", "mobilityaccounts")
-	cfg.SetDefault("storage.db.psql.tables.accounts", "accounts")
-	cfg.SetDefault("storage.db.psql.tables.accounts_auth_local", "accounts_auth_local")
-	cfg.SetConfigName("config") // Override default values in a config.yaml file within this directory
-	cfg.AddConfigPath(".")
-	cfg.ReadInConfig()
-}
-
-func TestPostgresqlStorage_Initialize(t *testing.T) {
-	storage, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("error creating new PostgreSQL storage: %v", err)
-	}
-	defer storage.DbConnection.Close()
-
-	err = storage.Migrate()
-	if err != nil {
-		t.Errorf("database migration issue: %v", err)
-		return
-	}
-
-	tx, err := storage.DbConnection.BeginTx(context.Background(), nil)
-	if err != nil {
-		t.Errorf("transaction issue: %v", err)
-		return
-	}
-	defer tx.Rollback()
-	_, err = tx.Exec(fmt.Sprintf("DELETE FROM %s;", storage.Tables["accounts_auth_local"]))
-	if err != nil {
-		t.Errorf("delete accounts table issue: %v", err)
-		return
-	}
-	_, err = tx.Exec(fmt.Sprintf("DELETE FROM %s;", storage.Tables["accounts"]))
-	if err != nil {
-		t.Errorf("delete accounts table issue: %v", err)
-		return
-	}
-	if err = tx.Commit(); err != nil {
-		t.Errorf("commit transaction issue: %v", err)
-		return
-	}
-}
-
-func TestPostgresqlStorage_CreateAndGetAccount(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-	}
-	err = db.CreateAccount(account1)
-	if err != nil {
-		t.Errorf("Failed to create account : %s", err)
-		return
-	}
-
-	result, err := db.GetAccount(account1.ID)
-	if err != nil {
-		t.Errorf("Failed to get account : %s", err)
-		return
-	}
-
-	if !reflect.DeepEqual(&account1, result) {
-		t.Errorf("The received account is not the same as expected\nSaved Account : %v\nRetrieved Account : %v", &account1, result)
-	}
-}
-
-func TestPostgresqlStorage_CreateAndGetAccountNoAuth(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-	}
-	err = db.CreateAccount(account3)
-	if err != nil {
-		t.Errorf("Failed to create account : %s", err)
-		return
-	}
-
-	result, err := db.GetAccount(account3.ID)
-	if err != nil {
-		t.Errorf("Failed to get account : %s", err)
-		return
-	}
-
-	if !reflect.DeepEqual(&account3, result) {
-		t.Errorf("The received account is not the same as expected\nSaved Account : %v\nRetrieved Account : %v", &account3, result)
-	}
-}
-
-func TestPostgresqlStorage_UpdateAccount(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-	}
-	err = db.CreateAccount(account2)
-	if err != nil {
-		t.Errorf("Failed to create account : %s", err)
-		return
-	}
-	modified := account2
-	modified.Authentication.Local.Email = Ptr("modifiedtest@test.com")
-	modified.Data["key1"] = "modeifiedvalue"
-	modified.Data["addedkey"] = "addedvalue"
-	modified.Metadata["addedmetadatakey"] = "addedmetadatavalue"
-	err = db.UpdateAccount(modified)
-	if err != nil {
-		t.Errorf("failed updating account : %s", err)
-	}
-
-	result, err := db.GetAccount(account2.ID)
-	if err != nil {
-		t.Errorf("Failed to get account : %s", err)
-		return
-	}
-
-	if !reflect.DeepEqual(&modified, result) {
-		t.Errorf("The received account is not the same as expected\nSaved Account : %v\nRetrieved Account : %v", &modified, result)
-	}
-}
-
-func TestPostgresqlStorage_LocalAuthentication(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-	}
-	_, err = db.LocalAuthentication(account1.Namespace, account1.Authentication.Local.Username, nil, nil)
-	if err != nil {
-		t.Errorf("Failed LocalAuthentication based on username and namespace : %s", err)
-	}
-	_, err = db.LocalAuthentication(account1.Namespace, nil, account1.Authentication.Local.Email, nil)
-	if err != nil {
-		t.Errorf("Failed LocalAuthentication based on email and namespace :\n Namespace: %s\n Email: %s\nError: %s", account1.Namespace, *account1.Authentication.Local.Email, err)
-	}
-	_, err = db.LocalAuthentication(account1.Namespace, nil, nil, account1.Authentication.Local.PhoneNumber)
-	if err != nil {
-		t.Errorf("Failed LocalAuthentication based on phone number and namespace :\n Namespace: %s\n Phone number: %s\nError: %s", account1.Namespace, *account1.Authentication.Local.PhoneNumber, err)
-	}
-}
-
-func TestPostgresqlStorage_GetAccounts(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-	}
-	accounts, err := db.GetAccounts([]string{account1.Namespace, account3.Namespace})
-	if err != nil {
-		t.Errorf("Failed : %s", err)
-		return
-	}
-	for _, account := range accounts {
-		if account.Namespace != account1.Namespace && account.Namespace != account3.Namespace {
-			t.Errorf("This namespace was not requested : %s", account.Namespace)
-		}
-	}
-}
-
-func TestPostgresqlStorage_GetAccountsByIds(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-		return
-	}
-
-	accounts, err := db.GetAccountsByIds([]string{account2.ID, account3.ID})
-	if err != nil {
-		t.Errorf("Failed to get account by ID : %s", err)
-		return
-	}
-
-	found2 := false
-	found3 := false
-	for _, account := range accounts {
-		if account.ID == account2.ID {
-			found2 = true
-		} else if account.ID == account3.ID {
-			found3 = true
-		} else {
-			t.Errorf("This id was not requested : %s", account.ID)
-		}
-	}
-	if !found2 {
-		t.Errorf("account id not found for account2 : %s", account2.ID)
-	}
-	if !found3 {
-		t.Errorf("account id not found for account3 : %s", account3.ID)
-	}
-}
-
-func TestPostgresqlStorage_CreateAlreadyExistingCredentials(t *testing.T) {
-	db, err := NewPostgresqlStorage(cfg)
-	if err != nil {
-		t.Errorf("failed to create new psql connection")
-		return
-	}
-
-	modified := account1
-	modified.ID = uuid.NewString() // Change the ID to make as if it was a new one
-
-	err = db.CreateAccount(modified)
-	if err == nil {
-		t.Errorf("account should not be created : unique index violated !")
-		return
-	}
-}

storage/storage.go

@@ -37,6 +37,7 @@ type DBStorage interface {
 
 	//TODO : remove UpdateAccount, implement UpdateAccountData and UpdateAccountLocalAuthentication
 	UpdateAccount(account Account) error
+	DeleteAccount(id string) error
 
 	Migrate() error
 }

storage/storage_test.go

@@ -1,67 +0,0 @@
-package storage
-
-import "github.com/google/uuid"
-
-var account1 = Account{
-	ID:        uuid.NewString(),
-	Namespace: "namespace",
-	Authentication: AccountAuth{
-		Local: &LocalAuth{
-			Username: Ptr("test"),
-			Password: "hashedpassword",
-			Email:    Ptr("test@test.com"),
-			EmailValidation: &Validation{
-				Validated:      true,
-				ValidationCode: "",
-			},
-			PhoneNumber: Ptr("+3312345678"),
-			PhoneNumberValidation: &Validation{
-				Validated:      true,
-				ValidationCode: "",
-			},
-		},
-	},
-	Data: map[string]any{
-		"key1": "value1",
-		"key2": "value2",
-	},
-	Metadata: map[string]any{
-		"key1": "value1",
-		"key2": "value2",
-	},
-}
-
-var account2 = Account{
-	ID:        uuid.NewString(),
-	Namespace: "test",
-	Authentication: AccountAuth{
-		Local: &LocalAuth{
-			Username: Ptr("test2"),
-			Password: "hashedpassword",
-		},
-	},
-	Data: map[string]any{
-		"key1": "value3",
-		"key2": "value4",
-	},
-	Metadata: map[string]any{
-		"key1": "value5",
-		"key2": "value6",
-	},
-}
-
-var account3 = Account{
-	ID:        uuid.NewString(),
-	Namespace: "other_namespace",
-	Authentication: AccountAuth{
-		Local: nil,
-	},
-	Data: map[string]any{
-		"key1": "value3",
-		"key2": "value4",
-	},
-	Metadata: map[string]any{
-		"key1": "value5",
-		"key2": "value6",
-	},
-}