TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-06 13:57:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(docs): fix links for domain migration (#4831)

Browse Source 
* chore(docs): fix links for domain migration

* try trailing slash for netlify

* trial

* fix typo

* test path

* try preview proxied

* test local proxy

* try to define the domain with redirect to /docs

* remove build commands

* debug netlify router and fix image link

* working config

* fix analytics
This commit is contained in:
Florian Forster 2022-12-06 20:33:13 +01:00 committed by GitHub
parent 3539418a4a
commit 065250a108
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 210 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/docs/apis/introduction.mdx
View File

@ -42,7 +42,7 @@ Endpoint:
{your_domain}/zitadel.auth.v1.AuthService/
Definition:
[Auth Proto](/docs/apis/proto/auth)
[Auth Proto](/apis/proto/auth)
### REST
@ -78,7 +78,7 @@ Endpoint:
{your_domain}/zitadel.management.v1.ManagementService/
Definition:
[Management Proto](/docs/apis/proto/management)
[Management Proto](/apis/proto/management)
### REST
@ -112,7 +112,7 @@ Endpoint:
{your_domain}/zitadel.admin.v1.AdminService/
Definition:
[Admin Proto](/docs/apis/proto/admin)
[Admin Proto](/apis/proto/admin)
### REST
@ -137,7 +137,7 @@ Definition:
This API is intended to manage the different ZITADEL instances within the system.
Checkout the guide how to [access the ZITADEL System API](/docs/guides/integrate/access-zitadel-system-api).
Checkout the guide how to [access the ZITADEL System API](/guides/integrate/access-zitadel-system-api).
</div>
<div className="apicard-right">
@ -148,7 +148,7 @@ Endpoint:
{your_domain}/zitadel.system.v1.SystemService/
Definition:
[System Proto](/docs/apis/proto/system)
[System Proto](/apis/proto/system)
### REST

24
docs/docs/apis/openidoauth/authrequest.mdx
View File

@ -20,7 +20,7 @@ This playground should help you to initially craft an authentication request and
## Request parameters explained
Not all request parameters are available in the playground. Please refer to the full documentation of the [authorization endpoint](/docs/apis/openidoauth/endpoints#authorization_endpoint).
Not all request parameters are available in the playground. Please refer to the full documentation of the [authorization endpoint](/apis/openidoauth/endpoints#authorization_endpoint).
### Your Domain
@ -47,7 +47,7 @@ The <span className="text-yellow-500">Instance Domain</span> to your ZITADEL ins
need code.
</p>
More in the <a href="/docs/apis/openidoauth/endpoints#required-request-parameters">documentation</a> about required Parameters.
More in the <a href="/apis/openidoauth/endpoints#required-request-parameters">documentation</a> about required Parameters.
### Authentication methods
@ -57,9 +57,9 @@ Depending on the authentication and authorization flow of your application you m
for most application types. The playground appends automatically a code challenge
for PKCE flows.
You need to append a "Code Challenge" by providing a random <span className="text-teal-600">Code Verifier</span> that is being hashed and encoded in the request to the token endpoint, please see our [guide](/docs/guides/integrate/login-users#token-request) for more details.
You need to append a "Code Challenge" by providing a random <span className="text-teal-600">Code Verifier</span> that is being hashed and encoded in the request to the token endpoint, please see our [guide](/guides/integrate/login-users#token-request) for more details.
More in the [documentation](/docs/apis/openidoauth/authn-methods) about authentication methods.
More in the [documentation](/apis/openidoauth/authn-methods) about authentication methods.
### Additional Parameters
@ -76,7 +76,7 @@ More in the [documentation](/docs/apis/openidoauth/authn-methods) about authenti
of a user. You can skip the account picker by providing the Login hint.
</p>
There are many more additional parameters. Please refer to the [documentation](/docs/apis/openidoauth/endpoints#additional-parameters) about additional parameters.
There are many more additional parameters. Please refer to the [documentation](/apis/openidoauth/endpoints#additional-parameters) about additional parameters.
## Standard Scopes
@ -84,32 +84,32 @@ Used to request additional information from ZITADEL.
These scopes are defined in the OpenID Connect specification.
The `openid` scope is mandatory.
Not all scopes are available in the playground. Please refer to the full [documentation](/docs/apis/openidoauth/scopes) for the exhaustive list of available standard and reserved scopes.
Not all scopes are available in the playground. Please refer to the full [documentation](/apis/openidoauth/scopes) for the exhaustive list of available standard and reserved scopes.
## Reserved Scopes
You can request additional information that is specific to ZITADEL or customize the behavior of ZITADEL by including reserved scopes.
Please refer to the [documentation](/docs/apis/openidoauth/scopes#reserved-scopes) for a full list of available reserved scopes.
Please refer to the [documentation](/apis/openidoauth/scopes#reserved-scopes) for a full list of available reserved scopes.
### Organization policies and branding
Enforce an organization's policies and branding as well as membership of the user by passing the scope `urn:zitadel:iam:org:id:{id}` with the required <span className="text-purple-500">Organization ID</span>.
Please refer to the full [guide on branding](/docs/guides/manage/customize/branding).
Please refer to the full [guide on branding](/guides/manage/customize/branding).
### Get user metadata
Pass the scope `urn:zitadel:iam:user:metadata` to request a user's metadata.
Please refer to the full [guide on user-metadata](/docs/guides/manage/customize/user-metadata) for further details.
Please refer to the full [guide on user-metadata](/guides/manage/customize/user-metadata) for further details.
### Access core apis
Calling the [core API](/docs/apis/introduction) with the authenticated user, requires that the projectID of ZITADEL is included in the audience claim.
Calling the [core API](/apis/introduction) with the authenticated user, requires that the projectID of ZITADEL is included in the audience claim.
This can be achieved by adding the scope `urn:zitadel:iam:org:project:id:zitadel:aud` to your applications authorization request.
## How to use ZITADEL in your project
Please refer to our [guide](/docs/guides/integrate/login-users) on how to login users.
Please refer to our [guide](/guides/integrate/login-users) on how to login users.
OpenID Connect certified libraries should allow you to customize the parameters and define scopes for the authorization request. You can also continue by using one of our [example applications](/docs/examples/introduction).
OpenID Connect certified libraries should allow you to customize the parameters and define scopes for the authorization request. You can also continue by using one of our [example applications](/examples/introduction).

2
docs/docs/apis/ratelimits/ratelimits.md
View File

@ -2,7 +2,7 @@
title: ZITADEL Cloud Rate Limits
---
Rate limits are implemented according to our [rate limit policy](/docs/legal/rate-limit-policy.md) with the following rules:
Rate limits are implemented according to our [rate limit policy](/legal/rate-limit-policy.md) with the following rules:
| Path | Description | Throttling | One Minute Banning |
|--------------------------|----------------------------------------|--------------------------------------|----------------------------------------|

16
docs/docs/concepts/architecture/software.md
View File

@ -37,15 +37,15 @@ The http server is responsible for the following functions:
The API layer consist of the multiple APIs provided by ZITADEL. Each serves a dedicated purpose.
All APIs of ZITADEL are always available as gRCP, gRPC-web and REST service.
The only exception is the [OpenID Connect & OAuth](/docs/apis/openidoauth/endpoints) and [Asset API](/docs/apis/introduction#assets) due their unique nature.
The only exception is the [OpenID Connect & OAuth](/apis/openidoauth/endpoints) and [Asset API](/apis/introduction#assets) due their unique nature.
- [OpenID Connect & OAuth](/docs/apis/openidoauth/endpoints) - allows to request authentication and authorization of ZITADEL
- [SAML](/docs/apis/saml/endpoints) - allows to request authentication and authorization of ZITADEL through the SAML standard
- [Authentication API](/docs/apis/introduction#authentication) - allow a user to do operation in its own context
- [Management API](/docs/apis/introduction#management) - allows an admin or machine to manage the ZITADEL resources on an organization level
- [Administration API](/docs/apis/introduction#administration) - allows an admin or machine to manage the ZITADEL resources on an instance level
- [System API](/docs/apis/introduction#system) - allows to create and change new ZITADEL instances
- [Asset API](/docs/apis/introduction#assets) - is used to upload and download static assets
- [OpenID Connect & OAuth](/apis/openidoauth/endpoints) - allows to request authentication and authorization of ZITADEL
- [SAML](/apis/saml/endpoints) - allows to request authentication and authorization of ZITADEL through the SAML standard
- [Authentication API](/apis/introduction#authentication) - allow a user to do operation in its own context
- [Management API](/apis/introduction#management) - allows an admin or machine to manage the ZITADEL resources on an organization level
- [Administration API](/apis/introduction#administration) - allows an admin or machine to manage the ZITADEL resources on an instance level
- [System API](/apis/introduction#system) - allows to create and change new ZITADEL instances
- [Asset API](/apis/introduction#assets) - is used to upload and download static assets
### Core Layer

14
docs/docs/concepts/features/selfservice.md
View File

@ -10,7 +10,7 @@ It is important to understand that, depending on your use case, there will exist
- `Users` are the end-users of your application. Like with any CIAM solution, users should be able to perform tasks like register/join, update their profile, manage authenticators etc. There are certain actions that can be executed pre-login, yet others require the user to have a valid session.
- `Managers` are users with a [special manager role](../../guides/manage/console/managers) within ZITADEL and can perform administrative actions such as system configuration or granting access rights to users.
All self-service interfaces are available in different [languages](/docs/guides/manage/customize/texts#internationalization).
All self-service interfaces are available in different [languages](/guides/manage/customize/texts#internationalization).
:::info
ZITADEL covers the typical "CIAM" self-service capabilities as well as delegated access management for multi-tenancy scenarios. Please refer to the section [Managers](#managers).
@ -64,7 +64,7 @@ By default, the displayed branding is defined based on the user's domain. In cas
### Web, Mobile, and Single-Page Applications
[This guide](/docs/guides/integrate/login-users) explains in more detail the login-flows for different application types.
[This guide](/guides/integrate/login-users) explains in more detail the login-flows for different application types.
Human users are redirected to ZITADEL's login page and complete sign-in with the interactive login flow.
It is important to understand that ZITADEL provides a hosted login page and the device of the users opens this login page in a browser, even on Native/Mobile apps.
@ -72,7 +72,7 @@ It is important to understand that ZITADEL provides a hosted login page and the
Users are automatically prompted to provide a second factor, when
- Instance or organization [login policy](/docs/concepts/structure/policies#login-policy) is set
- Instance or organization [login policy](/concepts/structure/policies#login-policy) is set
- Requested by the client
- A multi-factor is setup for the user
@ -104,7 +104,7 @@ Given an external identity provider is configured on the instance or on the orga
### Machines
Machine accounts can't use an interactive login but require other means of authentication, such as privately-signed JWT or personal access tokens.
Read more about [Service Users](/docs/guides/integrate/serviceusers) and recommended [OpenID Connect Flows](/docs/guides/integrate/oauth-recommended-flows#different-client-profiles).
Read more about [Service Users](/guides/integrate/serviceusers) and recommended [OpenID Connect Flows](/guides/integrate/oauth-recommended-flows#different-client-profiles).
### Other Clients
@ -119,7 +119,7 @@ The user can click the account in the list and does not need to type the usernam
Users can still login with a different user that is not in the list.
:::info
This behavior can be changed with the authorization request. Please refer to our [guide](/docs/guides/integrate/login-users).
This behavior can be changed with the authorization request. Please refer to our [guide](/guides/integrate/login-users).
:::
### Password reset
@ -133,7 +133,7 @@ Unauthenticated users can request a password reset after providing the loginname
## Logout
Users can terminate the session for all their users (logout).
A client can also implement this, by calling the [specific endpoint](/docs/apis/openidoauth/endpoints#end_session_endpoint).
A client can also implement this, by calling the [specific endpoint](/apis/openidoauth/endpoints#end_session_endpoint).
## Profile
@ -203,7 +203,7 @@ This could be permission to assign authorizations within this isolated organizat
### Managers in delegation
In a setup like described in the [B2B Scenario](/docs/guides/solution-scenarios/b2b), there exists an organization of the project owner and a customer organization.
In a setup like described in the [B2B Scenario](/guides/solution-scenarios/b2b), there exists an organization of the project owner and a customer organization.
The project is granted to the customer organization, such that the customer can access the project and assign authorization to their users.
Given such as setup the owner might want to give one administrative user of the customer organization the role `ORG_OWNER`.

2
docs/docs/concepts/structure/_org_description.mdx
View File

@ -1,6 +1,6 @@
ZITADEL is organized around the idea that:
* Multiple organizations can be managed within one [instance](/docs/concepts/structure/instance).
* Multiple organizations can be managed within one [instance](/concepts/structure/instance).
* organizations can grant each other rights to self-manage certain aspects of the IAM (eg, roles for access management)
* organizations are vessels for users and projects

8
docs/docs/concepts/structure/instance.mdx
View File

@ -5,20 +5,20 @@ title: Instance
## Instance Structure
An instance is the top node in ZITADEL's data hierarchy.
Within an instance all the default [settings](/docs/concepts/structure/policies),
Within an instance all the default [settings](/concepts/structure/policies),
such as branding, login policy, password policy, etc. for the system can be configured.
One instance normally runs on one domain and represents one issuer (e.g login.customer.com).
One instance can contain multiple [organizations](/docs/concepts/structure/organizations),
One instance can contain multiple [organizations](/concepts/structure/organizations),
which in turn can represent your own company (e.g. departments), your business customers or a consumer organization.
Read more about how to configure your instance in our [instance guide](/docs/guides/manage/console/instance-settings).
Read more about how to configure your instance in our [instance guide](/guides/manage/console/instance-settings).
## Multiple Virtual Instances
ZITADEL has the concept of virtual instances.
When installing ZITADEL from scratch, one instance is always automatically created for you.
Nevertheless, you can add more virtual instances via the [system API](/docs/apis/proto/system#addinstance).
Nevertheless, you can add more virtual instances via the [system API](/apis/proto/system#addinstance).
This is useful if you have business customers, which in turn have their business customers with self service and custom domain demands.
By providing a virtual ZITADEL instances, your customers have all the customization options available in ZITADEL.
Scaling ZITADEL instances virtually enables you to easily distribute your limited compute resources to all your customers.

6
docs/docs/concepts/structure/users.md
View File

@ -22,12 +22,12 @@ The main difference between human and machine users is the type of credentials t
### Managers
Any user, human or service user, can be given a [Manager](/docs/concepts/structure/managers) role.
Any user, human or service user, can be given a [Manager](/concepts/structure/managers) role.
Given a manager role, a user is not only an end-user of ZITADEL but can also manage certain aspects of ZITADEL itself.
## Constraints
Users can only exist within one [organization](/docs/concepts/structure/organizations).
Users can only exist within one [organization](/concepts/structure/organizations).
It is currently not possible to move users between organizations.
User accounts are uniquely identified by their `id` or `loginname` in combination of the `organization domain` (eg, `road.runner@acme.zitadel.local`).
@ -35,7 +35,7 @@ You can use the same email address for different user accounts.
## Where to store users
Depending on your [scenario](/docs/guides/solution-scenarios/introduction), you might want to store all users in one organization (CIAM / B2C) or create a new organization for each logical group of users, e.g. each business customer (B2B).
Depending on your [scenario](/guides/solution-scenarios/introduction), you might want to store all users in one organization (CIAM / B2C) or create a new organization for each logical group of users, e.g. each business customer (B2B).
With a project grant, you can delegate the access management of an organization's project to another organization.
You can also create a user grant to allow single users to access projects from another organization.
This is also an alternative to cases where you might want to move users between organizations.

16
docs/docs/examples/introduction.mdx
View File

@ -13,31 +13,31 @@ Get started with ZITADEL quickly by reading a quickstart or by cloning a [ZITADE
<CardWrapper>
<Card
link="/docs/examples/login/angular"
imageSource="/img/tech/angular.svg"
imageSource="/docs/img/tech/angular.svg"
title="Angular"
description="Add the user login to your application and query some data from the userinfo endpoint"
/>
<Card
link="/docs/examples/login/react"
imageSource="/img/tech/react.png"
imageSource="/docs/img/tech/react.png"
title="React"
description="Logs into your application and queries some data from the userinfo endpoint"
/>
<Card
link="/docs/examples/login/flutter"
imageSource="/img/tech/flutter.svg"
imageSource="/docs/img/tech/flutter.svg"
title="Flutter"
description="Mobile Application working for iOS and Android that authenticates your user."
/>
<Card
link="/docs/examples/login/nextjs"
imageSource="/img/tech/nextjs.svg"
imageSource="/docs/img/tech/nextjs.svg"
title="NextJS"
description="A simple application to log into your user account and query some data from User endpoint."
/>
<Card
link="/docs/examples/login/nextjs-b2b"
imageSource="/img/tech/nextjs.svg"
imageSource="/docs/img/tech/nextjs.svg"
title="NextJS B2B Scenario"
description="An application to showcase your user account having multiple organizations and the use of Personal Access Tokens."
/>
@ -47,13 +47,13 @@ Get started with ZITADEL quickly by reading a quickstart or by cloning a [ZITADE
<CardWrapper>
<Card
link="/docs/examples/call-zitadel-api/go"
imageSource="/img/tech/golang.svg"
imageSource="/docs/img/tech/golang.svg"
title="GO"
description="Demonstrates how to fetch some data from the ZITADEL management API."
/>
<Card
link="/docs/examples/call-zitadel-api/dot-net"
imageSource="/img/tech/dotnet.svg"
imageSource="/docs/img/tech/dotnet.svg"
title=".NET"
description="This integration guide shows you how to integrate ZITADEL into your .NET application. It demonstrates how to fetch some data from the ZITADEL management API."
/>
@ -63,7 +63,7 @@ Get started with ZITADEL quickly by reading a quickstart or by cloning a [ZITADE
<CardWrapper>
<Card
link="/docs/examples/identity-proxy/oauth2-proxy"
imageSource="/img/tech/oauth2-proxy.svg"
imageSource="/docs/img/tech/oauth2-proxy.svg"
title="OAuth 2.0 Proxy"
description="Allows services to delegate the authentication flow to a IDP, for example ZITADEL"
/>

8
docs/docs/examples/login/flutter.md
View File

@ -167,11 +167,11 @@ Our Android and iOS Application opens ZITADEL's login within a custom tab, on We
If everything works out correctly, your applications should look like this:
<div style={{display: 'grid', 'gridColumnGap': '1rem', 'gridTemplateColumns': '1fr 1fr', 'maxWidth': '500px', 'margin': '0 auto'}}>
<img src="/img/flutter/not-authed.png" alt="Unauthenticated" height="500px" />
<img src="/img/flutter/authed.png" alt="Flutter Authenticated" height="500px" />
<img src="/docs/img/flutter/not-authed.png" alt="Unauthenticated" height="500px" />
<img src="/docs/img/flutter/authed.png" alt="Flutter Authenticated" height="500px" />
</div>
<div style={{display: 'grid', 'gridColumnGap': '1rem', 'gridTemplateColumns': '1fr 1fr', 'maxWidth': '800px', 'margin': '0 auto'}}>
<img src="/img/flutter/web-not-authed.png" alt="Unauthenticated" height="500px" />
<img src="/img/flutter/web-authed.png" alt="Flutter Authenticated" height="500px" />
<img src="/docs/img/flutter/web-not-authed.png" alt="Unauthenticated" height="500px" />
<img src="/docs/img/flutter/web-authed.png" alt="Flutter Authenticated" height="500px" />
</div>

6
docs/docs/examples/login/nextjs-b2b.md
View File

@ -134,13 +134,13 @@ Let's call this new organization `Demo-Customer`.
### Users
Now switch back to the organization `Demo-Customer` and [create a new user](https://docs.zitadel.com/docs/manuals/user-register) in this organization.
Now switch back to the organization `Demo-Customer` and [create a new user](/manuals/user-register) in this organization.
Let's call the first user `Alice Admin`. Create a second user called `Eric Employee`.
### Manager Role
We want to enable Alice to assign roles to users in her organization in a self-service manner.
To make this happen, we need give Alice an [Manager Role](https://docs.zitadel.com/docs/concepts/structure/managers) within the Organization `Demo-Customer`.
To make this happen, we need give Alice an [Manager Role](/concepts/structure/managers) within the Organization `Demo-Customer`.
Still in the organization `Demo-Customer`, navigate to Organization. Click on the plus on the top right and give `Alice Admin` the Manager Role `Org Owner`.
@ -151,7 +151,7 @@ Login with your user on the customer organization to validate the setup.
### Organization Grant
Switch to the `Demo-Vendor` organization, select Projects in the navigation, and click on `Portal` and then `Grants`.
[Grant all roles of the Project](https://docs.zitadel.com/docs/guides/basics/projects#exercise---grant-a-project) to the organization `demo-customer.{YourDomain}.zitadel.cloud`.
[Grant all roles of the Project](/guides/manage/console/projects#grant-a-project) to the organization `demo-customer.{YourDomain}.zitadel.cloud`.
### Authorization

4
docs/docs/guides/deploy/_next.mdx
View File

@ -1,9 +1,9 @@
## What's next
For running a production grade ZITADEL instance in your environment, go on with the [configure ZITADEL](/docs/guides/manage/self-hosted/configure) section.
For running a production grade ZITADEL instance in your environment, go on with the [configure ZITADEL](/guides/manage/self-hosted/configure) section.
:::caution
<!-- TODO: Better mark the link in the UI -->
The ZITADEL management console [requires end-to-end HTTP/2 support](/docs/guides/manage/self-hosted/http2)
The ZITADEL management console [requires end-to-end HTTP/2 support](/guides/manage/self-hosted/http2)

2
docs/docs/guides/integrate/access-zitadel-system-api.md
View File

@ -9,7 +9,7 @@ The ZITADEL System API is currently only available for ZITADEL Self-Hosted deplo
## System API User
The System API works superordinate over all instances. Therefore, you need to define a separate users to get access to this API.
You can do so by customizing the [runtime configuration](/docs/guides/manage/self-hosted/configure#runtime-configuration).
You can do so by customizing the [runtime configuration](/guides/manage/self-hosted/configure#runtime-configuration).
To authenticate the user a self-signed JWT will be created and utilized.

4
docs/docs/guides/integrate/application/application.mdx
View File

@ -16,7 +16,7 @@ export default function CreateApp(props) {
</p>
<img
alt="Add application"
src="/img/guides/console/addapplication.png"
src="/docs/img/guides/console/addapplication.png"
width="120px"
/>
<p>
@ -24,7 +24,7 @@ export default function CreateApp(props) {
</p>
<img
alt={"create " + props.appType + " preview"}
src={"/img/guides/application/create-" + props.appType + "-app.png"}
src={"/docs/img/guides/application/create-" + props.appType + "-app.png"}
/>
<h3>Select the authentication method</h3>
<p>

12
docs/docs/guides/integrate/application/auth-type.mdx
View File

@ -84,7 +84,7 @@ export const pkce = () => (
<td>
<img
width="300px"
src="/img/guides/application/pkce-logo-dark.png"
src="/docs/img/guides/application/pkce-logo-dark.png"
alt="pkce preview"
/>
</td>
@ -100,7 +100,7 @@ export const code = () => (
<td>
<img
width="300px"
src="/img/guides/application/code-logo-dark.png"
src="/docs/img/guides/application/code-logo-dark.png"
alt="code preview"
/>
</td>
@ -116,7 +116,7 @@ export const jwt = () => (
<td>
<img
width="300px"
src="/img/guides/application/jwt-logo-dark.png"
src="/docs/img/guides/application/jwt-logo-dark.png"
alt="jwt preview"
/>
</td>
@ -136,7 +136,7 @@ export const post = () => (
<td>
<img
width="300px"
src="/img/guides/application/post-logo-dark.png"
src="/docs/img/guides/application/post-logo-dark.png"
alt="post preview"
/>
</td>
@ -155,7 +155,7 @@ export const implicit = () => (
<td>
<img
width="300px"
src="/img/guides/application/implicit-logo-dark.png"
src="/docs/img/guides/application/implicit-logo-dark.png"
alt="Implicit preview"
/>
</td>
@ -174,7 +174,7 @@ export const basic = () => (
<td>
<img
width="300px"
src="/img/guides/application/basic-logo-dark.png"
src="/docs/img/guides/application/basic-logo-dark.png"
alt="Basic preview"
/>
</td>

2
docs/docs/guides/integrate/application/generate-key.mdx
View File

@ -11,7 +11,7 @@ export default function GenerateKey(props) {
<img
width="400px"
alt="Generate key"
src="/img/guides/application/generate-key.png"
src="/docs/img/guides/application/generate-key.png"
/>
</div>
) : null;

2
docs/docs/guides/integrate/application/redirect-uris.mdx
View File

@ -44,7 +44,7 @@ export default function RedirectURIs(props) {
<img
width="600px"
alt="Redirect URIs configuration"
src={"/img/guides/application/redirect-uris.png"}
src={"/docs/img/guides/application/redirect-uris.png"}
/>
</div>
) : null;

2
docs/docs/guides/integrate/application/review-config.mdx
View File

@ -22,7 +22,7 @@ export default function ReviewConfig(props) {
</p>
<img
alt="client infos"
src={`/img/guides/application/client-${clientObjects.join("-")}.png`}
src={`/docs/img/guides/application/client-${clientObjects.join("-")}.png`}
width="700px"
/>
</div>

8
docs/docs/guides/integrate/authmethods/basic.mdx
View File

@ -21,12 +21,12 @@ the authentication process. The latter is used to bind the client session with t
You don't need any additional parameter for this request. We're identifying the app by the `client_id` parameter.
Try out the request in our [OIDC Authentication Request Playground](/docs/apis/openidoauth/authrequest?auth_method=Client%20Secret%20Basic).
Try out the request in our [OIDC Authentication Request Playground](/apis/openidoauth/authrequest?auth_method=Client%20Secret%20Basic).
### Additional parameters and customization
There are additional parameters and values you can provide to satisfy your use case and to customize the user's authentication flow.
Please check the [authorization_endpoint reference](/docs/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
Please check the [authorization_endpoint reference](/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
## Callback
@ -43,7 +43,7 @@ You will need this `code` in the token request.
If a parameter was missing, malformed or any other error occurred, your answer will contain an `error` stating the error type,
possibly an `error_description` providing some information about the error and its reason and the `state` parameter.
Check the [error response section](/docs/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
Check the [error response section](/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
## Token request
@ -56,7 +56,7 @@ Next you will have to exchange the given `code` for the tokens. For this HTTP PO
Depending on your authentication method you'll need additional headers and parameters:
Send your `client_id` and `client_secret` as Basic Auth Header. Note that OAuth2 requires client_id and client_secret to be form url encoded.
So check [Client Secret Basic Auth Method](/docs/apis/openidoauth/authn-methods#client-secret-basic) on how to build it correctly.
So check [Client Secret Basic Auth Method](/apis/openidoauth/authn-methods#client-secret-basic) on how to build it correctly.
```curl
curl --request POST \

6
docs/docs/guides/integrate/authmethods/implicit.mdx
View File

@ -7,7 +7,7 @@ We therefore discourage the use of Implicit Flow and do not cover the flow in th
:::
If you still need to rely on the implicit flow, simply keep in mind that the response on the authorization_endpoint is
the same you would be given on the token_endpoint and check the [OAuth / OIDC endpoint documentation](/docs/apis/openidoauth/endpoints) for more information.
the same you would be given on the token_endpoint and check the [OAuth / OIDC endpoint documentation](/apis/openidoauth/endpoints) for more information.
#### redirect_uri
@ -32,7 +32,7 @@ When using the Implicit Flow you will also have to provide a `nonce` parameter t
### Additional parameters and customization
There are additional parameters and values you can provide to satisfy your use case and to customize the user's authentication flow.
Please check the [authorization_endpoint reference](/docs/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
Please check the [authorization_endpoint reference](/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
## Callback
@ -46,4 +46,4 @@ Upon successful authentication you'll be given the `access_token`, `id_token`, `
If a parameter was missing, malformed or any other error occurred, your answer will contain an `error` stating the error type,
possibly an `error_description` providing some information about the error and its reason and the `state` parameter.
Check the [error response section](/docs/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
Check the [error response section](/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.

6
docs/docs/guides/integrate/authmethods/jwtpk.mdx
View File

@ -23,12 +23,12 @@ You don't need any additional parameter for this request. We're identifying the
So your request might look like this (linebreaks and whitespace for display reasons):
Try out the request in our [OIDC Authentication Request Playground](/docs/apis/openidoauth/authrequest?auth_method=Client%20Secret%20Basic).
Try out the request in our [OIDC Authentication Request Playground](/apis/openidoauth/authrequest?auth_method=Client%20Secret%20Basic).
### Additional parameters and customization
There are additional parameters and values you can provide to satisfy your use case and to customize the user's authentication flow.
Please check the [authorization_endpoint reference](/docs/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
Please check the [authorization_endpoint reference](/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
## Callback
@ -45,7 +45,7 @@ You will need this `code` in the token request.
If a parameter was missing, malformed or any other error occurred, your answer will contain an `error` stating the error type,
possibly an `error_description` providing some information about the error and its reason and the `state` parameter.
Check the [error response section](/docs/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
Check the [error response section](/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
## Token request

6
docs/docs/guides/integrate/authmethods/pkce.mdx
View File

@ -29,12 +29,12 @@ the hash as well and to verify it's correct. In order to do so you're required t
For example for `random-string` the code_challenge would be `9az09PjcfuENS7oDK7jUd2xAWRb-B3N7Sr3kDoWECOY`
Try out the request in our [OIDC Authentication Request Playground](/docs/apis/openidoauth/authrequest).
Try out the request in our [OIDC Authentication Request Playground](/apis/openidoauth/authrequest).
### Additional parameters and customization
There are additional parameters and values you can provide to satisfy your use case and to customize the user's authentication flow.
Please check the [authorization_endpoint reference](/docs/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
Please check the [authorization_endpoint reference](/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
## Callback
@ -51,7 +51,7 @@ You will need this `code` in the token request.
If a parameter was missing, malformed or any other error occurred, your answer will contain an `error` stating the error type,
possibly an `error_description` providing some information about the error and its reason and the `state` parameter.
Check the [error response section](/docs/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
Check the [error response section](/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
## Token request

4
docs/docs/guides/integrate/authmethods/pkcenative.mdx
View File

@ -20,7 +20,7 @@ with a custom protocol, you will need to add the origin where the app is served
### Additional parameters and customization
There are additional parameters and values you can provide to satisfy your use case and to customize the user's authentication flow.
Please check the [authorization_endpoint reference](/docs/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
Please check the [authorization_endpoint reference](/apis/openidoauth/endpoints#authorization_endpoint) in the OAuth / OIDC documentation.
## Callback
@ -37,7 +37,7 @@ You will need this `code` in the token request.
If a parameter was missing, malformed or any other error occurred, your answer will contain an `error` stating the error type,
possibly an `error_description` providing some information about the error and its reason and the `state` parameter.
Check the [error response section](/docs/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
Check the [error response section](/apis/openidoauth/endpoints#error-response) in the authorization_endpoint reference.
## Token request

2
docs/docs/guides/integrate/serviceusers.md
View File

@ -2,7 +2,7 @@
title: Service Users
---
This is a guide on how to create service users in ZITADEL. You can read more about users [here](/docs/concepts/structure/users.md).
This is a guide on how to create service users in ZITADEL. You can read more about users [here](/concepts/structure/users.md).
## Create a Service User
1. Navigate to Service Users

8
docs/docs/guides/manage/console/actions.mdx
View File

@ -5,7 +5,7 @@ title: Actions
An Identity and Management system is a very interactive place. ZITADEL has built in functionality to react to its events. This functionality is called **Actions** and can be accessed from your organizations top navigation.
<img
src="/img/guides/console/actionsmenu.png"
src="/docs/img/guides/console/actionsmenu.png"
width="700px"
alt="Actions menu"
/>
@ -14,12 +14,12 @@ Actions allow you to define scripts which are then run on certain triggers.
To add an action, click at the **new** button and provide a script and a name.
You can specify a timeout and whether the action is allowed to fail too.
<img src="/img/guides/console/action.png" alt="Create Action" width="450px" />
<img src="/docs/img/guides/console/action.png" alt="Create Action" width="450px" />
To run those scripts, a flow with a trigger has to be created.
This could for example be a **External Authentication** Flow, with a **Post Authentication** trigger.
<img src="/img/guides/console/flow.png" alt="Flow" width="400px" />
<img src="/docs/img/guides/console/flow.png" alt="Flow" width="400px" />
Now whenever a user gets authenticated externally with an IDP, a action is triggered after the authentication itself.
If you want to know more where actions can be useful, take a look at the feature [here](/docs/concepts/features/actions) or directly jump to an example of a custom behaviour [here](/docs/guides/manage/customize/behavior).
If you want to know more where actions can be useful, take a look at the feature [here](/concepts/features/actions) or directly jump to an example of a custom behaviour [here](/guides/manage/customize/behavior).

16
docs/docs/guides/manage/console/applications.mdx
View File

@ -19,7 +19,7 @@ To access your applications, navigate to your project and select your applicatio
<img
alt="Granted project"
src="/img/guides/console/applications.png"
src="/docs/img/guides/console/applications.png"
width="750px"
/>
@ -31,7 +31,7 @@ To add an application to your project, click on the add button and select your a
<img
alt="Add application"
src="/img/guides/console/addapplication.png"
src="/docs/img/guides/console/addapplication.png"
width="120px"
/>
@ -97,7 +97,7 @@ Native applications can use a different protocol than http or https in order to
<img
alt="Redirect URIs"
src="/img/guides/console/redirecturis.png"
src="/docs/img/guides/console/redirecturis.png"
width="600px"
/>
@ -116,7 +116,7 @@ You can easily change your authentication method via the colored toggle on top o
<img
alt="Redirect URIs"
src="/img/guides/console/application.png"
src="/docs/img/guides/console/application.png"
width="800px"
/>
@ -125,7 +125,7 @@ Tasks for completion are shown in the field.
<img
alt="OIDC Compliance"
src="/img/guides/console/oidc-compliance.png"
src="/docs/img/guides/console/oidc-compliance.png"
width="600px"
/>
@ -136,7 +136,7 @@ On the bottom you can optionally set a **ClockSkew** time which is added to the
<img
alt="Token settings"
src="/img/guides/console/app-token-settings.png"
src="/docs/img/guides/console/app-token-settings.png"
width="600px"
/>
@ -147,7 +147,7 @@ Note that for local development you most likely have to enable development mode,
<img
alt="Redirect URIs"
src="/img/guides/console/redirect-uris.png"
src="/docs/img/guides/console/redirect-uris.png"
width="500px"
/>
@ -157,6 +157,6 @@ If you need to allow additional origins which should **NOT** be used as redirect
<img
alt="Additional origins"
src="/img/guides/console/additional-origins.png"
src="/docs/img/guides/console/additional-origins.png"
width="500px"
/>

22
docs/docs/guides/manage/console/instance-settings.mdx
View File

@ -7,7 +7,7 @@ Instance settings work as default or fallback settings for your organizational s
To access instance settings, use the instance page at `{instanceDomain}/ui/console/settings` or click at the instance button on the **top-right** of the page and then navigate to settings in the navigation.
<img
src="/img/guides/console/instancebutton.png"
src="/docs/img/guides/console/instancebutton.png"
alt="Instance Button"
width="450px"
/>
@ -66,13 +66,13 @@ To configure your custom SMTP please fill the following fields:
- User
- SMTP Password
<img src="/img/guides/console/smtp.png" alt="SMTP" width="400px" />
<img src="/docs/img/guides/console/smtp.png" alt="SMTP" width="400px" />
### SMS
No default provider is configured to send some SMS to your users. If you like to validate the phone numbers of your users make sure to add your twilio configuration by adding your Sid, Token and Sender Number.
<img src="/img/guides/console/twilio.png" alt="Twilio" width="400px" />
<img src="/docs/img/guides/console/twilio.png" alt="Twilio" width="400px" />
## Login Behaviour and Access
@ -87,7 +87,7 @@ The Login Policy defines how the login process should look like and which authen
| Passwordless | Choose if passwordless login is allowed or not |
<img
src="/img/guides/console/loginpolicy.png"
src="/docs/img/guides/console/loginpolicy.png"
alt="Login Bahaviour and Access"
width="600px"
/>
@ -141,7 +141,7 @@ The following properties can be set:
- Has Symbol
<img
src="/img/guides/console/complexity.png"
src="/docs/img/guides/console/complexity.png"
alt="Password Complexity"
width="600px"
/>
@ -156,7 +156,7 @@ The following settings are available:
If an account is locked, the administrator has to unlock it in the ZITADEL console
<img src="/img/guides/console/lockout.png" alt="Lockout" width="600px" />
<img src="/docs/img/guides/console/lockout.png" alt="Lockout" width="600px" />
## Domain settings
@ -188,7 +188,7 @@ Example:
`https://demo.com/tos-{{.Lang}}`
<img
src="/img/guides/console/privacypolicy.png"
src="/docs/img/guides/console/privacypolicy.png"
alt="Privacy Policy"
width="600px"
/>
@ -208,7 +208,7 @@ These are the texts for your notification mails. Available for change are:
You can set the locale of the translations on the right.
<img
src="/img/guides/console/messagetexts.png"
src="/docs/img/guides/console/messagetexts.png"
alt="Message texts"
width="600px"
/>
@ -217,7 +217,7 @@ You can set the locale of the translations on the right.
These are the texts for the login. Just like for message texts, you can select the locale on the right.
<img src="/img/guides/console/logintexts.png" alt="Login texts" width="600px" />
<img src="/docs/img/guides/console/logintexts.png" alt="Login texts" width="600px" />
## OIDC token lifetimes and expiration
@ -230,7 +230,7 @@ You can set the following times:
- Refresh Token Idle Expiration
<img
src="/img/guides/console/oidcsettings.png"
src="/docs/img/guides/console/oidcsettings.png"
alt="OIDC Token Lifetimes"
width="400px"
/>
@ -249,7 +249,7 @@ The following secrets can be configured:
- Application secrets
<img
src="/img/guides/console/secretappearance.png"
src="/docs/img/guides/console/secretappearance.png"
alt="Secret appearance"
width="400px"
/>

4
docs/docs/guides/manage/console/managers.mdx
View File

@ -9,14 +9,14 @@ import ManagerDescription from "../../../concepts/structure/_manager_description
To configure managers in ZITADEL go to the resource where you like to add it (e.g Instance, Organization, Project, GrantedProject).
In the right part of the console you can finde **MANAGERS** in the details part. Here you have a list of the current managers and can add a new one.
<img alt="Managers" src="/img/guides/console/managers.png" width="200px" />
<img alt="Managers" src="/docs/img/guides/console/managers.png" width="200px" />
When adding a new manager, you can select multiple roles some of which are only allowed to read data.
This can be especially useful if you add service users for one of your projects where you only need read access.
Per default you will only search for users within the selected organization. If you like to give a role to a user outside the organization you need to switch to the global search and type the exact loginname of the users. This will prevent allowing users to guess users from other organizations.
<img alt="Managers" src="/img/guides/console/addmanager.png" width="390px" />
<img alt="Managers" src="/docs/img/guides/console/addmanager.png" width="390px" />
## Roles

4
docs/docs/guides/manage/console/organizations.mdx
View File

@ -18,7 +18,7 @@ If you choose your logged in user as organization manager, a membership for the
<img
width="400px"
src="/img/console_org_select.png"
src="/docs/img/console_org_select.png"
alt="Select Organization"
/>
@ -27,7 +27,7 @@ The customer needs to fill in the form with the organization name and the contac
<img
width="400px"
src="/img/console_org_register.png"
src="/docs/img/console_org_register.png"
alt="Register new organization"
/>

2
docs/docs/guides/manage/console/overview.mdx
View File

@ -15,7 +15,7 @@ The console has a context switcher on the **top-left** where your current organi
Depending on your use case, multiple organizations can be created (B2B) or you can stick to your global organization (B2C). To get an understanding of your use cases and how we recommend setting up your organizations, read the [Solution Scenario](../../solution-scenarios/introduction) guides.
<img
src="/img/guides/console/contextswitcher.png"
src="/docs/img/guides/console/contextswitcher.png"
alt="Context switcher"
width="400px"
/>

14
docs/docs/guides/manage/console/projects.mdx
View File

@ -19,7 +19,7 @@ You would have to create roles for administration and your clients in this very
To create a project, navigate to your organization, then projects or directly via <https://{your_domain}.zitadel.cloud/ui/console/projects>, and then click the button to create a new project.
<img alt="Empty Project" src="/img/console_projects_empty.png" width="270px" />
<img alt="Empty Project" src="/docs/img/console_projects_empty.png" width="270px" />
then enter your project name and continue.
@ -41,7 +41,7 @@ Organizations can then create authorizations for their users on their own. The p
<img
alt="Granted project"
src="/img/guides/console/grantedprojectgrid.png"
src="/docs/img/guides/console/grantedprojectgrid.png"
width="320px"
/>
@ -49,7 +49,7 @@ Organizations can then create authorizations for their users on their own. The p
1. Visit the project `POS` that you have created before, then in the section **Grants** click **New**.
<img src="/img/guides/console/grantsmenu.png" alt="Grants" width="170px" />
<img src="/docs/img/guides/console/grantsmenu.png" alt="Grants" width="170px" />
2. Enter the domain of the organization you want to grant (go to the organization detail page if you can't remember it), hit the search button and continue.
3. Select some roles you would like to grant to the organization and confirm.
@ -62,7 +62,7 @@ Organizations can then create authorizations for their users on their own. The p
If you have different designs for your organizations or probably and use project grants, you can define the login behaviour on the project detail page.
<img
src="/img/guides/console/projectbranding.png"
src="/docs/img/guides/console/projectbranding.png"
alt="Project branding"
width="400px"
/>
@ -75,7 +75,7 @@ You can choose from
| Enforce project resource owner policy | This setting will enforce the private labeling of the organization (resource owner) of the project through the whole login process. |
| Allow Login User resource owner policy | With this setting first the private labeling of the organization (resource owner) of the project will trigger. As soon as the user and its organization (resource owner) is identified by ZITADEL, the settings will change to the organization of the user. |
In a B2B use case, you would typically use the organization setting. If you want to omit organization detection, you can preselect an organization with the [primary domain scope](/docs/apis/openidoauth/scopes#reserved-scopes) (ex. `urn:zitadel:iam:org:domain:primary:{domainname}`).
In a B2B use case, you would typically use the organization setting. If you want to omit organization detection, you can preselect an organization with the [primary domain scope](/apis/openidoauth/scopes#reserved-scopes) (ex. `urn:zitadel:iam:org:domain:primary:{domainname}`).
### Role settings
@ -88,7 +88,7 @@ Below the branding settings, you can check different checkboxes to get even more
It is checked whether the user's organization has this project. If not, the user cannot be authenticated.
<img
src="/img/guides/console/rolesettings.png"
src="/docs/img/guides/console/rolesettings.png"
width="700px"
alt="Role settings"
/>
@ -96,7 +96,7 @@ Below the branding settings, you can check different checkboxes to get even more
If you want to have roles in your token, this has to be set in your applications as this is dependent on your application type. Navigate to your application and check this setting if you want so.
<img
src="/img/guides/console/tokenroles.png"
src="/docs/img/guides/console/tokenroles.png"
width="700px"
alt="Roles in token"
/>

8
docs/docs/guides/manage/console/roles.mdx
View File

@ -17,7 +17,7 @@ and
- Display Name: Accountant
- Group: Administration
<img src="/img/guides/console/addrole.png" alt="Add roles" />
<img src="/docs/img/guides/console/addrole.png" alt="Add roles" />
The **Key** is used for coding (can then for example be requested in the ID Token).
@ -25,7 +25,7 @@ The **Display Name** is just for you remembering its use case
The **Group** is for making multiple roles selectable more easy.
<img src="/img/guides/console/roles.png" width="750px" alt="Roles" />
<img src="/docs/img/guides/console/roles.png" width="750px" alt="Roles" />
> The role client is for an other application of the project `POS`, as all possible roles from your POS applications are defined in your project.
@ -36,14 +36,14 @@ An authorization combines a user of your organization with one or multiple roles
> You can also add users of other organizations, if you want to do so click on the hint below the username field.
<img src="/img/guides/console/authusers.png" width="500px" alt="Auth users" />
<img src="/docs/img/guides/console/authusers.png" width="500px" alt="Auth users" />
If your wanted to test your application with your own user, navigate to the **Authorizations** section under your project and click on **new**.
Type your username, hit continue, select the roles you want your user to have and save. If you want to add all roles of the Administration group, you can click on the group to select all.
<img
src="/img/guides/console/authorization.png"
src="/docs/img/guides/console/authorization.png"
width="750px"
alt="Authorization"
/>

14
docs/docs/guides/manage/console/users.mdx
View File

@ -7,7 +7,7 @@ ZITADEL differs two different types of users:
- Users (Humans)
- Service Users (Machine Accounts)
<img src="/img/guides/console/usersmenu.png" width="420px" alt="User types" />
<img src="/docs/img/guides/console/usersmenu.png" width="420px" alt="User types" />
A human user has an email address and a password, and can additionally save information about phone, nickname, gender, language.
A service user only has a name and a description aside his username.
@ -27,11 +27,11 @@ import TabItem from "@theme/TabItem";
<Tabs>
<TabItem value="human" label="Human User" default>
<img src="/img/guides/console/addhuman.png" width="680px" alt="Add Human" />
<img src="/docs/img/guides/console/addhuman.png" width="680px" alt="Add Human" />
</TabItem>
<TabItem value="service" label="Service User">
<img
src="/img/guides/console/addmachine.png"
src="/docs/img/guides/console/addmachine.png"
width="540px"
alt="Add Service User"
/>
@ -46,7 +46,7 @@ You can prompt the user to add a second factor method too by checking the **Forc
When logged in, a user can then manage his profile in console himself, adding a profile picture, external IDPs and Passwordless authentication devices.
<img src="/img/guides/console/myprofile.png" alt="Profile Self Manage" />
<img src="/docs/img/guides/console/myprofile.png" alt="Profile Self Manage" />
## Metadata
@ -58,17 +58,17 @@ Just navigate to the section **Metadata** and click on **edit**.
<img
width="460px"
src="/img/guides/console/usermetadata.png"
src="/docs/img/guides/console/usermetadata.png"
alt="User Metadata"
/>
Metadata can requested via our auth and management APIs, from userinfo endpoint or ID Token.
To get your metadata from the userinfo endpoint, add `urn:zitadel:iam:user:metadata` to your authentication request. Take a look at our reserved scopes [here](/docs/apis/openidoauth/scopes#reserved-scopes) or take a look at our [metadata guide](../customize/user-metadata).
To get your metadata from the userinfo endpoint, add `urn:zitadel:iam:user:metadata` to your authentication request. Take a look at our reserved scopes [here](/apis/openidoauth/scopes#reserved-scopes) or take a look at our [metadata guide](../customize/user-metadata).
You can then toggle **User Info inside ID Token** in your application settings, if you need this information in the ID Token too.
<img
src="/img/guides/console/appidtokensettings.png"
src="/docs/img/guides/console/appidtokensettings.png"
width="650px"
alt="ID Token settings"
/>

2
docs/docs/guides/manage/customize/branding.md
View File

@ -46,7 +46,7 @@ If you like to trigger your settings for your applications you have different po
Send a [reserved scope](../../../apis/openidoauth/scopes) with your [authorization request](../../integrate/login-users#auth-request) to trigger your organization.
The primary domain scope will restrict the login to your organization, so only users of your own organization will be able to login.
You can use our [OpenID Authentication Request Playground](/docs/apis/openidoauth/authrequest) to learn more about how to trigger an [organization's policies and branding](/docs/apis/openidoauth/authrequest#organization-policies-and-branding).
You can use our [OpenID Authentication Request Playground](/apis/openidoauth/authrequest) to learn more about how to trigger an [organization's policies and branding](/apis/openidoauth/authrequest#organization-policies-and-branding).
### 2. Setting on your Project

2
docs/docs/guides/manage/customize/user-metadata.md
View File

@ -107,7 +107,7 @@ Export the result to the environment variable `BASIC_AUTH`.
### Create Auth Request
You need to create a valid auth request, including the reserved scope `urn:zitadel:iam:user:metadata`. Please refer to our API documentation for more information about [reserved scopes](../../../apis/openidoauth/scopes#reserved-scopes) or try it out in our [OIDC Authrequest Playground](/docs/apis/openidoauth/authrequest?scope=openid%20email%20profile%20urn%3Azitadel%3Aiam%3Auser%3Ametadata).
You need to create a valid auth request, including the reserved scope `urn:zitadel:iam:user:metadata`. Please refer to our API documentation for more information about [reserved scopes](../../../apis/openidoauth/scopes#reserved-scopes) or try it out in our [OIDC Authrequest Playground](/apis/openidoauth/authrequest?scope=openid%20email%20profile%20urn%3Azitadel%3Aiam%3Auser%3Ametadata).
Login with the user to which you have added the metadata. After the login you will be redirected.

2
docs/docs/guides/manage/self-hosted/configure/configure.mdx
View File

@ -80,4 +80,4 @@ This is the IAM admin users login according to your configuration in the [exampl
:::caution
<!-- TODO: Better mark the link in the UI -->
The ZITADEL management console [requires end-to-end HTTP/2 support](/docs/guides/manage/self-hosted/http2)
The ZITADEL management console [requires end-to-end HTTP/2 support](/guides/manage/self-hosted/http2)

4
docs/docs/guides/manage/self-hosted/http2.mdx
View File

@ -9,7 +9,7 @@ To make us of gRPC it is vital to allow your clients to communicate with ZITADEL
Sometimes you need to configure explicitly that you want to use HTTP/2 if you run ZITADEL behind a reverse proxy and below you should find examples for different vendors and projects.
Furthermore it is important to notice that by default HTTP/2 is always encrypted, but if you want to run ZITADEL without TLS from your reverse proxy or service mesh this is possible through [h2c](https://httpd.apache.org/docs/2.4/howto/http2.html).
Furthermore it is important to notice that by default HTTP/2 is always encrypted, but if you want to run ZITADEL without TLS from your reverse proxy or service mesh this is possible through [h2c](https://httpd.apache.org/2.4/howto/http2.html).
Oftentimes when you run ZITADEL inside a service mesh, or a servelerss offering (e.g. Google Cloud Run, Knative, ...) you will need h2c.
You can read more about ZITADEL's [TLSs modes here](/docs/guides/manage/self-hosted/tls_modes).
You can read more about ZITADEL's [TLSs modes here](/guides/manage/self-hosted/tls_modes).

30
docs/docs/guides/manage/self-hosted/production.md
View File

@ -2,29 +2,29 @@
title: Production Checklist
---
As soon as you successfully deployed ZITADEL as a proof of concept using one of our [deployment guides](/docs/guides/deploy/overview),
As soon as you successfully deployed ZITADEL as a proof of concept using one of our [deployment guides](/guides/deploy/overview),
you are ready to configure ZITADEL for production usage.
## High Availability
We recommend running ZITADEL highly available using an orchestrator that schedules ZITADEL on multiple servers, like [Kubernetes](/docs/guides/deploy/kubernetes). For keeping startup times fast when scaling ZITADEL, you should also consider using separate jobs with `zitadel init` and `zitadel setup`, so your workload containers just have to execute `zitadel start`.
We recommend running ZITADEL highly available using an orchestrator that schedules ZITADEL on multiple servers, like [Kubernetes](/guides/deploy/kubernetes). For keeping startup times fast when scaling ZITADEL, you should also consider using separate jobs with `zitadel init` and `zitadel setup`, so your workload containers just have to execute `zitadel start`.
## Configuration
Read [on the configure page](/docs/guides/manage/self-hosted/configure) about the available options you have to configure ZITADEL.
Read [on the configure page](/guides/manage/self-hosted/configure) about the available options you have to configure ZITADEL.
## Networking
- To make ZITADEL available at the domain of your choice, [you need to configure the ExternalDomain property](/docs/guides/manage/self-hosted/custom-domain).
- To enable and restrict access to **HTTPS**, head over to [the description of your TLS options](/docs/guides/manage/self-hosted/tls_modes).
- If you want to front ZITADEL with a reverse proxy, web application firewall or content delivery network, make sure to support **[HTTP/2](/docs/guides/manage/self-hosted/http2)**.
- You can also refer to some **[example reverse proxy configurations](/docs/guides/manage/self-hosted/reverseproxy/reverse_proxy)**.
- To make ZITADEL available at the domain of your choice, [you need to configure the ExternalDomain property](/guides/manage/self-hosted/custom-domain).
- To enable and restrict access to **HTTPS**, head over to [the description of your TLS options](/guides/manage/self-hosted/tls_modes).
- If you want to front ZITADEL with a reverse proxy, web application firewall or content delivery network, make sure to support **[HTTP/2](/guides/manage/self-hosted/http2)**.
- You can also refer to some **[example reverse proxy configurations](/guides/manage/self-hosted/reverseproxy/reverse_proxy)**.
- The ZITADEL Console web GUI uses many gRPC-Web stubs. This results in a fairly big JavaScript bundle. You might want to compress it using [Gzip](https://www.gnu.org/software/gzip/) or [Brotli](https://github.com/google/brotli).
- Serving and caching the assets using a content delivery network could improve network latencies and shield your ZITADEL runtime.
## Monitoring
By default, [**metrics**](docs/apis/observability/metrics) are exposed at /debug/metrics in OpenTelemetry (otel) format.
By default, [**metrics**](/apis/observability/metrics) are exposed at /debug/metrics in OpenTelemetry (otel) format.
Also, you can enable **tracing** in the ZITADEL configuration.
@ -48,7 +48,7 @@ Also, if you are concerned about multi-regional data locality,
### Configure ZITADEL
Depending on your environment, you maybe would want to tweak some settings about how ZITADEL interacts with the database in the database section of your ZITADEL configuration. Read more about your [database configuration options](/docs/guides/manage/self-hosted/database).
Depending on your environment, you maybe would want to tweak some settings about how ZITADEL interacts with the database in the database section of your ZITADEL configuration. Read more about your [database configuration options](/guides/manage/self-hosted/database).
```yaml
Database:
@ -64,7 +64,7 @@ Database:
Options: ""
```
You also might want to configure how [projections](/docs/concepts/eventstore/implementation#projections) are computed. These are the default values:
You also might want to configure how [projections](/concepts/eventstore/implementation#projections) are computed. These are the default values:
```yaml
Projections:
@ -101,7 +101,7 @@ or [for PostgreSQL](https://www.postgresql.org/docs/current/admin.html).
## Data Initialization
- You can configure instance defaults in the DefaultInstance section.
If you plan to eventually create [multiple virtual instances](/docs/concepts/structure/instance#multiple-virtual-instances), these defaults take effect.
If you plan to eventually create [multiple virtual instances](/concepts/structure/instance#multiple-virtual-instances), these defaults take effect.
Also, these configurations apply to the first instance, that ZITADEL automatically creates for you.
Especially the following properties are of special interest for your production setup.
@ -126,7 +126,7 @@ DefaultInstance:
FromName:
```
- If you don't want to use the DefaultInstance configuration for the first instance that ZITADEL automatically creates for you during the [setup phase](/docs/guides/manage/self-hosted/configure#database-initialization), you can provide a FirstInstance YAML section using the --steps argument.
- Learn how to configure ZITADEL via the [Console user interface](/docs/guides/manage/console/overview).
- Probably, you also want to [apply your custom branding](/docs/guides/manage/customize/branding), [hook into certain events](/docs/guides/manage/customize/behavior), [customize texts](/docs/guides/manage/customize/texts) or [add metadata to your users](/docs/guides/manage/customize/user-metadata).
- If you want to automatically create ZITADEL resources, you can use the [ZITADEL Terraform Provider](/docs/guides/manage/terraform/basics).
- If you don't want to use the DefaultInstance configuration for the first instance that ZITADEL automatically creates for you during the [setup phase](/guides/manage/self-hosted/configure#database-initialization), you can provide a FirstInstance YAML section using the --steps argument.
- Learn how to configure ZITADEL via the [Console user interface](/guides/manage/console/overview).
- Probably, you also want to [apply your custom branding](/guides/manage/customize/branding), [hook into certain events](/guides/manage/customize/behavior), [customize texts](/guides/manage/customize/texts) or [add metadata to your users](/guides/manage/customize/user-metadata).
- If you want to automatically create ZITADEL resources, you can use the [ZITADEL Terraform Provider](/guides/manage/terraform/basics).

2
docs/docs/guides/manage/self-hosted/reverseproxy/_cloudflare.mdx
View File

@ -3,7 +3,7 @@
- [Make sure HTTP/2 is enabled](https://support.cloudflare.com/hc/en-us/articles/200168076-Understanding-Cloudflare-HTTP-2-and-HTTP-3-Support)
- [Verify that gRPC is enabled](https://support.cloudflare.com/hc/en-us/articles/360050483011-Understanding-Cloudflare-gRPC-support)
- [Verify that traffic is proxied through cloudflare](https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/)
- [Configure ZITADEL to use the TLS Mode enabled](/docs/guides/manage/self-hosted/tls_modes#enabled)
- [Configure ZITADEL to use the TLS Mode enabled](/guides/manage/self-hosted/tls_modes#enabled)
:::info
[Cloudflare does only support gRPC with TLS!](https://support.cloudflare.com/hc/en-us/articles/360050483011-Understanding-Cloudflare-gRPC-support)

4
docs/docs/guides/manage/self-hosted/reverseproxy/_more.mdx
View File

@ -1,4 +1,4 @@
## More information
- [You can read here about the TLS Modes](/docs/guides/manage/self-hosted/tls_modes)
- [And here about how ZITADEL makes use of HTTP/2](/docs/guides/manage/self-hosted/http2)
- [You can read here about the TLS Modes](/guides/manage/self-hosted/tls_modes)
- [And here about how ZITADEL makes use of HTTP/2](/guides/manage/self-hosted/http2)

2
docs/docs/guides/manage/self-hosted/tls_modes.mdx
View File

@ -55,4 +55,4 @@ Be aware this is not a secure setup and should only be used for test systems!
## HTTP/2
To allow ZITADEL to function properly please make sure that HTTP/2 is enabled. If you are using the mode `external` or `disabled` make sure to verify h2c compatibilty.
You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/docs/guides/manage/self-hosted/http2).
You can read more about how ZITADEL utilizes in our [HTTP/2 docs](/guides/manage/self-hosted/http2).

2
docs/docs/guides/solution-scenarios/b2c.mdx
View File

@ -80,7 +80,7 @@ We'd appreciate if you could contribute to our repo with translations of your la
> Note that your console design changes to your design too
</div>
<img src="/img/guides/branding.jpeg" alt="branding in console"/>
<img src="/docs/img/guides/branding.jpeg" alt="branding in console"/>
</Column>
### Projects and applications

2
docs/docs/guides/start/_zitadel_cloud.mdx
View File

@ -20,7 +20,7 @@ Here you can manage all your different instances, subscriptions and billing data
2. Click sign in
3. Use your ZITADEL Cloud user
Find out more about the Customer Portal [here](/docs/guides/manage/cloud/overview).
Find out more about the Customer Portal [here](/guides/manage/cloud/overview).
## Create a new instance

2
docs/docs/legal/data-processing-agreement.mdx
View File

@ -33,7 +33,7 @@ The Processor is responsible for taking appropriate technical and organizational
### Bound by directions
The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/docs/legal/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
The Processor processes personal data in accordance with its privacy policy (cf. [Privacy Policy](/legal/privacy-policy)) and on the documented directions of the Customer. The initial direction result from the Agreement. Subsequent instructions shall be given either in writing, whereby e-mail shall suffice, or orally with immediate written confirmation.
If the Processor is of the opinion that a direction of the Customer violates the Agreement, the GDPR or other data protection provisions of the EU, EU Member States or Switzerland, it shall inform the Customer thereof and shall be entitled to suspend the Processing until the instruction is withdrawn or confirmed.

2
docs/docs/legal/rate-limit-policy.md
View File

@ -23,7 +23,7 @@ You should consider to implement [exponential backoff](https://en.wikipedia.org/
## What rate limits do apply
For ZITADEL Cloud, we have a rate limiting rule for login paths (login, register and reset features) and for API paths each. Learn more about [the exact rules](/docs/apis/ratelimits).
For ZITADEL Cloud, we have a rate limiting rule for login paths (login, register and reset features) and for API paths each. Learn more about [the exact rules](/apis/ratelimits).
## Load Testing

15
docs/docusaurus.config.js
View File

@ -2,8 +2,8 @@
module.exports = {
title: "ZITADEL Docs",
trailingSlash: false,
url: "https://docs.zitadel.com",
baseUrl: "/",
url: "https://zitadel.com",
baseUrl: "/docs/",
onBrokenLinks: "throw",
onBrokenMarkdownLinks: "warn",
favicon: "img/favicon.ico",
@ -11,11 +11,11 @@ module.exports = {
projectName: "zitadel",
scripts: [
{
src: "/proxy/js/script.js",
src: "/docs/proxy/js/script.js",
async: true,
defer: true,
"data-domain": "docs.zitadel.com",
"data-api": "/proxy/api/event",
"data-domain": "zitadel.com",
"data-api": "/docs/proxy/api/event",
},
],
customFields: {
@ -135,11 +135,11 @@ module.exports = {
items: [
{
label: "Terms and Conditions",
href: "/docs/legal/terms-of-service",
href: "/legal/terms-of-service",
},
{
label: "Privacy Policy",
href: "/docs/legal/privacy-policy",
href: "/legal/privacy-policy",
},
],
},
@ -191,6 +191,7 @@ module.exports = {
"@docusaurus/preset-classic",
{
docs: {
routeBasePath: "/",
sidebarPath: require.resolve("./sidebars.js"),
showLastUpdateAuthor: true,
showLastUpdateTime: true,

12
docs/netlify.toml
View File

@ -1,6 +1,14 @@
[build]
command = "npm run build"
# This is a workaround to address the problem around the baseUrl from docusaurus
# Be aware that this prevents the usage of the path /docs/docs
[[redirects]]
from = "/docs/*"
to = "/:splat"
status = 200
force = true
[[redirects]]
from = "/proxy/js/script.js"
to = "https://plausible.io/js/script.outbound-links.js"
@ -22,6 +30,6 @@
preload'''
[[redirects]]
from = "/docs/quickstarts/introduction"
to = "/docs/examples/introduction"
from = "/quickstarts/introduction"
to = "/examples/introduction"
status = 301

2
docs/src/components/card.jsx
View File

@ -10,7 +10,7 @@ export function Card({ link, githubLink, imageSource, title, description, label}
{description && <p className={styles.card.description}>{description}</p>}
<span className={styles.fillspace}></span>
<div className={styles.bottom}>
<img className={styles.bottomicon} src="/img/tech/github.svg" alt="github"/>
<img className={styles.bottomicon} src="/docs/img/tech/github.svg" alt="github"/>
<span className={styles.bottomspan}>{label}</span>
</div>
</a>

62
docs/src/pages/index.js
View File

@ -20,7 +20,7 @@ const features = [
title: "Guides",
darkImageUrl: "img/index/Guides-dark.svg",
lightImageUrl: "img/index/Guides-light.svg",
link: "docs/guides/overview",
link: "guides/overview",
description: (
<>
Read our guides on how to manage your data and role associations in
@ -32,25 +32,25 @@ const features = [
<Column>
<div>
<ListElement
link="docs/guides/start/quickstart"
link="guides/start/quickstart"
type={ICONTYPE.START}
title="Get started"
description=""
/>
<ListElement
link="docs/guides/manage/cloud/overview"
link="guides/manage/cloud/overview"
type={ICONTYPE.LOGIN}
title="ZITADEL Cloud"
description=""
/>
<ListElement
link="docs/guides/integrate/login-users"
link="guides/integrate/login-users"
type={ICONTYPE.LOGIN}
title="Login Users"
description=""
/>
<ListElement
link="docs/guides/integrate/access-zitadel-apis"
link="guides/integrate/access-zitadel-apis"
type={ICONTYPE.APIS}
title="Access APIs"
description=""
@ -58,7 +58,7 @@ const features = [
</div>
<div>
<ListElement
link="docs/guides/solution-scenarios/introduction"
link="guides/solution-scenarios/introduction"
iconClasses="las la-paragraph"
roundClasses="custom-rounded custom-rounded-split"
label="B2C"
@ -66,19 +66,19 @@ const features = [
description=""
/>
<ListElement
link="docs/guides/manage/customize/branding"
link="guides/manage/customize/branding"
type={ICONTYPE.PRIVATELABELING}
title="Customization"
description=""
/>
<ListElement
link="docs/guides/deploy/overview"
link="guides/deploy/overview"
type={ICONTYPE.SYSTEM}
title="Deploy"
description=""
/>
<ListElement
link="docs/guides/trainings/introduction"
link="guides/trainings/introduction"
type={ICONTYPE.STORAGE}
title="Trainings"
description=""
@ -90,9 +90,9 @@ const features = [
},
{
title: "Quickstarts",
darkImageUrl: "img/index/Quickstarts-dark.svg",
darkImageUrl: "/docs/img/index/Quickstarts-dark.svg",
lightImageUrl: "img/index/Quickstarts-light.svg",
link: "docs/examples/introduction",
link: "examples/introduction",
description: (
<>
Learn how to integrate your applications and build secure workflows and
@ -102,27 +102,27 @@ const features = [
content: (
<div className={styles.quickstartcontainer}>
<QuickstartLink
link="/docs/examples/login/angular"
imageSource="/img/tech/angular.svg"
link="/examples/login/angular"
imageSource="/docs/img/tech/angular.svg"
title="Angular"
description="Add the user login to your application and query some data from the userinfo endpoint"
/>
<QuickstartLink
link="/docs/examples/login/react"
imageSource="/img/tech/react.png"
link="/examples/login/react"
imageSource="/docs/img/tech/react.png"
title="React"
description="Logs into your application and queries some data from the userinfo endpoint"
/>
<QuickstartLink
link="/docs/examples/login/flutter"
imageSource="/img/tech/flutter.svg"
link="/examples/login/flutter"
imageSource="/docs/img/tech/flutter.svg"
title="Flutter"
description="Mobile Application working for iOS and Android that authenticates your user."
/>
<QuickstartLink
link="/docs/examples/login/nextjs"
imageSource="/img/tech/nextjslight.svg"
lightImageSource="/img/tech/nextjs.svg"
link="/examples/login/nextjs"
imageSource="/docs/img/tech/nextjslight.svg"
lightImageSource="/docs/img/tech/nextjs.svg"
title="NextJS"
description="A simple application to log into your user account and query some data from User endpoint."
/>
@ -131,9 +131,9 @@ const features = [
},
{
title: "APIs",
darkImageUrl: "img/index/APIs-dark.svg",
lightImageUrl: "img/index/APIs-light.svg",
link: "/docs/apis/introduction",
darkImageUrl: "/docs/img/index/APIs-dark.svg",
lightImageUrl: "/docs/img/index/APIs-light.svg",
link: "/apis/introduction",
description: (
<>Learn more about our APIs and how to integrate them in your apps.</>
),
@ -141,13 +141,13 @@ const features = [
<div className={styles.apilinks}>
<ListWrapper>
<ListElement
link="./docs/apis/proto/auth"
link="./apis/proto/auth"
type={ICONTYPE.APIS}
title="Proto Definitions"
description=""
/>
<ListElement
link="./docs/apis/openidoauth/endpoints"
link="./apis/openidoauth/endpoints"
type={ICONTYPE.APIS}
title="OpenID Connect and OAuth"
description="Scopes, Claims, Authentication Methods, Grant Types"
@ -160,7 +160,7 @@ const features = [
title: "Concepts",
darkImageUrl: "img/index/Concepts-dark.svg",
lightImageUrl: "img/index/Concepts-light.svg",
link: "docs/concepts/introduction",
link: "concepts/introduction",
description: (
<>
Learn more about engineering and design principles, ZITADELs
@ -170,19 +170,19 @@ const features = [
content: (
<ListWrapper>
<ListElement
link="./docs/concepts/principles"
link="./concepts/principles"
type={ICONTYPE.TASKS}
title="Principles"
description="Design and engineering principles"
/>
<ListElement
link="./docs/concepts/architecture/software"
link="./concepts/architecture/software"
type={ICONTYPE.ARCHITECTURE}
title="Architecture"
description="Sotware-, Cluster- and Multi Cluster Architecture"
/>
<ListElement
link="./docs/concepts/structure/overview"
link="./concepts/structure/overview"
type={ICONTYPE.ARCHITECTURE}
title="Structure"
description="Object structure of ZITADEL"
@ -257,7 +257,7 @@ const Gigi = () => {
return (
<div className={styles.gigiwrapper}>
<div className={styles.gigiwrapperrelative}>
<img height="151px" width="256px" src="/img/gigi.svg" />
<img height="151px" width="256px" src="/docs/img/gigi.svg" />
<div className={styles.gigibanner}>ZITADEL Cloud OUT NOW! 🚀</div>
</div>
</div>
@ -279,7 +279,7 @@ export default function Home() {
"button button--outline button--lg get-started",
styles.getStarted
)}
to={useBaseUrl("docs/guides/start/quickstart")}
to={useBaseUrl("guides/start/quickstart")}
>
Get Started
</Link>