TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:27:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: deprecated api calls for v3

Browse Source
This commit is contained in:
Stefan Benz
2025-06-23 11:16:40 +02:00
parent 3a4298c179
commit 1092caaceb
2 changed files with 1 additions and 424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
proto/zitadel/management.proto
View File

@@ -493,8 +493,6 @@ service ManagementService {
// Create User (Machine) // Create User (Machine)
// //
// Deprecated: use [user service v2 CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a user of type machine instead.
//
// Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows. // Create a new user with the type machine for your API, service or device. These users are used for non-interactive authentication flows.
rpc AddMachineUser(AddMachineUserRequest) returns (AddMachineUserResponse) { rpc AddMachineUser(AddMachineUserRequest) returns (AddMachineUserResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -507,7 +505,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -693,8 +690,6 @@ service ManagementService {
// Change user name // Change user name
// //
// Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
//
// Change the username of the user. Be aware that the user has to log in with the newly added username afterward // Change the username of the user. Be aware that the user has to log in with the newly added username afterward
rpc UpdateUserName(UpdateUserNameRequest) returns (UpdateUserNameResponse) { rpc UpdateUserName(UpdateUserNameRequest) returns (UpdateUserNameResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -708,7 +703,6 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Users"; tags: "Users";
deprecated: true;
responses: { responses: {
key: "200" key: "200"
value: { value: {
@@ -1124,8 +1118,6 @@ service ManagementService {
// Update User Phone (Human) // Update User Phone (Human)
// //
// Deprecated: use [user service v2 SetPhone](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
//
// Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA). // Change the phone number of a user. If the state is set to not verified, the user will get an SMS to verify (if a notification provider is configured). The phone number is only for informational purposes and to send messages, not for Authentication (2FA).
rpc UpdateHumanPhone(UpdateHumanPhoneRequest) returns (UpdateHumanPhoneResponse) { rpc UpdateHumanPhone(UpdateHumanPhoneRequest) returns (UpdateHumanPhoneResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1140,7 +1132,6 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "Users"; tags: "Users";
tags: "User Human"; tags: "User Human";
deprecated: true;
responses: { responses: {
key: "200" key: "200"
value: { value: {
@@ -1656,8 +1647,6 @@ service ManagementService {
// Update Machine User // Update Machine User
// //
// Deprecated: use [user service v2 UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type machine instead.
//
// Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities. // Change a service account/machine user. It is used for accounts with non-interactive authentication possibilities.
rpc UpdateMachine(UpdateMachineRequest) returns (UpdateMachineResponse) { rpc UpdateMachine(UpdateMachineRequest) returns (UpdateMachineResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1670,7 +1659,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1692,8 +1680,6 @@ service ManagementService {
// Create Secret for Machine User // Create Secret for Machine User
// //
// Deprecated: use [user service v2 AddSecret](apis/resources/user_service_v2/user-service-add-secret.api.mdx) instead.
//
// Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant). // Create a new secret for a machine user/service account. It is used to authenticate the user (client credential grant).
rpc GenerateMachineSecret(GenerateMachineSecretRequest) returns (GenerateMachineSecretResponse) { rpc GenerateMachineSecret(GenerateMachineSecretRequest) returns (GenerateMachineSecretResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1706,7 +1692,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1728,8 +1713,6 @@ service ManagementService {
// Delete Secret of Machine User // Delete Secret of Machine User
// //
// Deprecated: use [user service v2 RemoveSecret](apis/resources/user_service_v2/user-service-remove-secret.api.mdx) instead.
//
// Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward. // Delete a secret of a machine user/service account. The user will not be able to authenticate with the secret afterward.
rpc RemoveMachineSecret(RemoveMachineSecretRequest) returns (RemoveMachineSecretResponse) { rpc RemoveMachineSecret(RemoveMachineSecretRequest) returns (RemoveMachineSecretResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1741,7 +1724,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1763,8 +1745,6 @@ service ManagementService {
// Get Machine user Key By ID // Get Machine user Key By ID
// //
// Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
//
// Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication. // Get a specific Key of a machine user by its id. Machine keys are used to authenticate with jwt profile authentication.
rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) returns (GetMachineKeyByIDsResponse) { rpc GetMachineKeyByIDs(GetMachineKeyByIDsRequest) returns (GetMachineKeyByIDsResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1776,7 +1756,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1796,9 +1775,7 @@ service ManagementService {
}; };
} }
// Get Machine user Key By ID // List Machine Keys
//
// Deprecated: use [user service v2 ListKeys](apis/resources/user_service_v2/user-service-list-keys.api.mdx) instead.
// //
// Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication. // Get the list of keys of a machine user. Machine keys are used to authenticate with jwt profile authentication.
rpc ListMachineKeys(ListMachineKeysRequest) returns (ListMachineKeysResponse) { rpc ListMachineKeys(ListMachineKeysRequest) returns (ListMachineKeysResponse) {
@@ -1812,7 +1789,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1834,8 +1810,6 @@ service ManagementService {
// Create Key for machine user // Create Key for machine user
// //
// Deprecated: use [user service v2 AddKey](apis/resources/user_service_v2/user-service-add-key.api.mdx) instead.
//
// If a public key is not supplied, a new key is generated and will be returned in the response. // If a public key is not supplied, a new key is generated and will be returned in the response.
// Make sure to store the returned key. // Make sure to store the returned key.
// If an RSA public key is supplied, the private key is omitted from the response. // If an RSA public key is supplied, the private key is omitted from the response.
@@ -1851,7 +1825,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1873,8 +1846,6 @@ service ManagementService {
// Delete Key for machine user // Delete Key for machine user
// //
// Deprecated: use [user service v2 RemoveKey](apis/resources/user_service_v2/user-service-remove-key.api.mdx) instead.
//
// Delete a specific key from a user. // Delete a specific key from a user.
// The user will not be able to authenticate with that key afterward. // The user will not be able to authenticate with that key afterward.
rpc RemoveMachineKey(RemoveMachineKeyRequest) returns (RemoveMachineKeyResponse) { rpc RemoveMachineKey(RemoveMachineKeyRequest) returns (RemoveMachineKeyResponse) {
@@ -1887,7 +1858,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1909,8 +1879,6 @@ service ManagementService {
// Get Personal-Access-Token (PAT) by ID // Get Personal-Access-Token (PAT) by ID
// //
// Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
//
// Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header. // Returns the PAT for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
rpc GetPersonalAccessTokenByIDs(GetPersonalAccessTokenByIDsRequest) returns (GetPersonalAccessTokenByIDsResponse) { rpc GetPersonalAccessTokenByIDs(GetPersonalAccessTokenByIDsRequest) returns (GetPersonalAccessTokenByIDsResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1922,7 +1890,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1944,8 +1911,6 @@ service ManagementService {
// List Personal-Access-Tokens (PATs) // List Personal-Access-Tokens (PATs)
// //
// Deprecated: use [user service v2 ListPersonalAccessTokens](apis/resources/user_service_v2/user-service-list-personal-access-tokens.api.mdx) instead.
//
// Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header. // Returns a list of PATs for a user, currently only available for machine users/service accounts. PATs are ready-to-use tokens and can be sent directly in the authentication header.
rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) { rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1958,7 +1923,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -1980,8 +1944,6 @@ service ManagementService {
// Create a Personal-Access-Token (PAT) // Create a Personal-Access-Token (PAT)
// //
// Deprecated: use [user service v2 AddPersonalAccessToken](apis/resources/user_service_v2/user-service-add-personal-access-token.api.mdx) instead.
//
// Generates a new PAT for the user. Currently only available for machine users. // Generates a new PAT for the user. Currently only available for machine users.
// The token will be returned in the response, make sure to store it. // The token will be returned in the response, make sure to store it.
// PATs are ready-to-use tokens and can be sent directly in the authentication header. // PATs are ready-to-use tokens and can be sent directly in the authentication header.
@@ -1996,7 +1958,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {
@@ -2018,8 +1979,6 @@ service ManagementService {
// Remove a Personal-Access-Token (PAT) by ID // Remove a Personal-Access-Token (PAT) by ID
// //
// Deprecated: use [user service v2 RemovePersonalAccessToken](apis/resources/user_service_v2/user-service-remove-personal-access-token.api.mdx) instead.
//
// Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore. // Delete a PAT from a user. Afterward, the user will not be able to authenticate with that token anymore.
rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) { rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -2031,7 +1990,6 @@ service ManagementService {
}; };
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
deprecated: true;
tags: "Users"; tags: "Users";
tags: "User Machine"; tags: "User Machine";
responses: { responses: {

381
proto/zitadel/user/v2/user_service.proto
View File

@@ -126,51 +126,8 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
service UserService { service UserService {
// Create a User
//
// Create a new human or machine user in the specified organization.
//
// Required permission:
// - user.write
rpc CreateUser (CreateUserRequest) returns (CreateUserResponse) {
option (google.api.http) = {
// The /new path segment does not follow Zitadels API design.
// The only reason why it is used here is to avoid a conflict with the ListUsers endpoint, which already handles POST /v2/users.
post: "/v2/users/new"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "OK";
}
};
responses: {
key: "409"
value: {
description: "The user already exists.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
};
};
}
// Create a new human user // Create a new human user
// //
// Deprecated: Use [CreateUser](apis/resources/user_service_v2/user-service-create-user.api.mdx) to create a new user of type human instead.
//
// Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned. // Create/import a new user with the type human. The newly created user will get a verification email if either the email address is not marked as verified and you did not request the verification to be returned.
rpc AddHumanUser (AddHumanUserRequest) returns (AddHumanUserResponse) { rpc AddHumanUser (AddHumanUserRequest) returns (AddHumanUserResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -270,8 +227,6 @@ service UserService {
// Change the user email // Change the user email
// //
// Deprecated: [Update the users email field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
//
// Change the email address of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by email.. // Change the email address of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by email..
rpc SetEmail (SetEmailRequest) returns (SetEmailResponse) { rpc SetEmail (SetEmailRequest) returns (SetEmailResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -393,8 +348,6 @@ service UserService {
// Set the user phone // Set the user phone
// //
// Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx).
//
// Set the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms.. // Set the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms..
rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) { rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -427,8 +380,6 @@ service UserService {
// Delete the user phone // Delete the user phone
// //
// Deprecated: [Update the users phone field](apis/resources/user_service_v2/user-service-update-user.api.mdx) to remove the phone number.
//
// Delete the phone number of a user. // Delete the phone number of a user.
rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) { rpc RemovePhone(RemovePhoneRequest) returns (RemovePhoneResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -519,63 +470,8 @@ service UserService {
}; };
} }
// Update a User
//
// Partially update an existing user.
// If you change the users email or phone, you can specify how the ownership should be verified.
// If you change the users password, you can specify if the password should be changed again on the users next login.
//
// Required permission:
// - user.write
rpc UpdateUser(UpdateUserRequest) returns (UpdateUserResponse) {
option (google.api.http) = {
patch: "/v2/users/{user_id}"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "OK";
}
};
responses: {
key: "404";
value: {
description: "User ID does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
}
responses: {
key: "409"
value: {
description: "The user already exists.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
};
};
}
// Update Human User // Update Human User
// //
// Deprecated: Use [UpdateUser](apis/resources/user_service_v2/user-service-update-user.api.mdx) to update a user of type human instead.
//
// Update all information from a user.. // Update all information from a user..
rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) { rpc UpdateHumanUser(UpdateHumanUserRequest) returns (UpdateHumanUserResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1378,8 +1274,6 @@ service UserService {
// Change password // Change password
// //
// Deprecated: [Update the users password](apis/resources/user_service_v2/user-service-update-user.api.mdx) instead.
//
// Change the password of a user with either a verification code or the current password.. // Change the password of a user with either a verification code or the current password..
rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) { rpc SetPassword (SetPasswordRequest) returns (SetPasswordResponse) {
option (google.api.http) = { option (google.api.http) = {
@@ -1584,281 +1478,6 @@ service UserService {
} }
}; };
} }
// Add a Users Secret
//
// Generates a client secret for the user.
// The client id is the users username.
// If the user already has a secret, it is overwritten.
// Only users of type machine can have a secret.
//
// Required permission:
// - user.write
rpc AddSecret(AddSecretRequest) returns (AddSecretResponse) {
option (google.api.http) = {
post: "/v2/users/{user_id}/secret"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The secret was successfully generated.";
}
};
responses: {
key: "404"
value: {
description: "The user ID does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
};
};
}
// Remove a Users Secret
//
// Remove the current client ID and client secret from a machine user.
//
// Required permission:
// - user.write
rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
option (google.api.http) = {
delete: "/v2/users/{user_id}/secret"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The secret was either successfully removed or it didn't exist in the first place.";
}
};
};
}
// Add a Key
//
// Add a keys that can be used to securely authenticate at the Zitadel APIs using JWT profile authentication using short-lived tokens.
// Make sure you store the returned key safely, as you won't be able to read it from the Zitadel API anymore.
// Only users of type machine can have keys.
//
// Required permission:
// - user.write
rpc AddKey(AddKeyRequest) returns (AddKeyResponse) {
option (google.api.http) = {
post: "/v2/users/{user_id}/keys"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The key was successfully created.";
}
};
responses: {
key: "404"
value: {
description: "The user ID does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
};
};
}
// Remove a Key
//
// Remove a machine users key by the given key ID and an optionally given user ID.
//
// Required permission:
// - user.write
rpc RemoveKey(RemoveKeyRequest) returns (RemoveKeyResponse) {
option (google.api.http) = {
delete: "/v2/users/{user_id}/keys/{key_id}"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The key was either successfully removed or it not found in the first place.";
}
};
};
}
// Search Keys
//
// List all matching keys. By default all keys of the instance on which the caller has permission to read the owning users are returned.
// Make sure to include a limit and sorting for pagination.
//
// Required permission:
// - user.read
rpc ListKeys(ListKeysRequest) returns (ListKeysResponse) {
option (google.api.http) = {
post: "/v2/users/keys/search"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
value: {
description: "A list of all machine user keys matching the query";
};
};
responses: {
key: "400";
value: {
description: "invalid list query";
};
};
};
}
// Add a Personal Access Token
//
// Personal access tokens (PAT) are the easiest way to authenticate to the Zitadel APIs.
// Make sure you store the returned PAT safely, as you won't be able to read it from the Zitadel API anymore.
// Only users of type machine can have personal access tokens.
//
// Required permission:
// - user.write
rpc AddPersonalAccessToken(AddPersonalAccessTokenRequest) returns (AddPersonalAccessTokenResponse) {
option (google.api.http) = {
post: "/v2/users/{user_id}/pats"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The personal access token was successfully created.";
}
};
responses: {
key: "404"
value: {
description: "The user ID does not exist.";
schema: {
json_schema: {
ref: "#/definitions/rpcStatus";
};
};
}
};
};
}
// Remove a Personal Access Token
//
// Removes a machine users personal access token by the given token ID and an optionally given user ID.
//
// Required permission:
// - user.write
rpc RemovePersonalAccessToken(RemovePersonalAccessTokenRequest) returns (RemovePersonalAccessTokenResponse) {
option (google.api.http) = {
delete: "/v2/users/{user_id}/pats/{token_id}"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200"
value: {
description: "The personal access token was either successfully removed or it was not found in the first place.";
}
};
};
}
// Search Personal Access Tokens
//
// List all personal access tokens. By default all personal access tokens of the instance on which the caller has permission to read the owning users are returned.
// Make sure to include a limit and sorting for pagination.
//
// Required permission:
// - user.read
rpc ListPersonalAccessTokens(ListPersonalAccessTokensRequest) returns (ListPersonalAccessTokensResponse) {
option (google.api.http) = {
post: "/v2/users/pats/search"
body: "*"
};
option (zitadel.protoc_gen_zitadel.v2.options) = {
auth_option: {
permission: "authenticated"
}
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
responses: {
key: "200";
value: {
description: "A list of all personal access tokens matching the query";
};
};
responses: {
key: "400";
value: {
description: "invalid list query";
};
};
};
}
} }
message AddHumanUserRequest{ message AddHumanUserRequest{