Merge branch 'main' into integration-tests

2024-12-12 02:54:20 +00:00 · 2023-05-04 09:11:59 +02:00 · 2023-05-04 09:11:59 +02:00 · 11f0f54ce5
commit 11f0f54ce5
parent 5f0c1b5290 59fb58b185
10 changed files with 95 additions and 16 deletions
--- a/docs/docs/apis/ratelimits/ratelimits.md
+++ b/docs/docs/apis/ratelimits/ratelimits.md
@ -1,10 +0,0 @@
---
-title: ZITADEL Cloud Rate Limits
---
-
-Rate limits are implemented according to our [rate limit policy](/legal/rate-limit-policy.md) with the following rules:
-
-| Path                     | Description                            | Rate Limiting                        | One Minute Banning                     |
-|--------------------------|----------------------------------------|--------------------------------------|----------------------------------------|
-| /ui/login*               | Global Login, Register and Reset Limit | 10 requests per second over a minute | 15 requests per second over 3 minutes |
-| All other paths | All gRPC- and REST APIs as well as the ZITADEL Customer Portal | 10 requests per second over a minute       | 10 requests per second over 3 minutes   |
--- a/docs/docs/concepts/structure/instance.mdx
+++ b/docs/docs/concepts/structure/instance.mdx
@ -14,6 +14,8 @@ which in turn can represent your own company (e.g. departments), your business c

 Read more about how to configure your instance in our [instance guide](/guides/manage/console/instance-settings).

+![Two instances with each organizations in it using the same database](/img/concepts/objects/instances.png)
+
 ## Multiple Virtual Instances

 ZITADEL has the concept of virtual instances.
--- a/docs/docs/examples/call-zitadel-api/dot-net.md
+++ b/docs/docs/examples/call-zitadel-api/dot-net.md
@ -17,7 +17,7 @@ All that is required, is a service account with an Org Owner (or another role, d
 However, we recommend you read the guide on [how to access ZITADEL API](../../guides/integrate/access-zitadel-apis) and the associated guides for a basic knowledge of :

 - [Recommended Authorization Flows](../../guides/integrate/oauth-recommended-flows.md)
- - [Service Users](../../guides/integrate/serviceusers.md)
+ - [Service Users](../../guides/integrate/serviceusers)

 > Be sure to have a valid key JSON and that its service account is either ORG_OWNER or at least ORG_OWNER_VIEWER before you continue with this guide.

--- a/docs/docs/examples/call-zitadel-api/go.md
+++ b/docs/docs/examples/call-zitadel-api/go.md
@ -14,7 +14,7 @@ All that is required, is a service account with an Org Owner (or another role, d

 However, we recommend you read the guide on [how to access ZITADEL API](../../guides/integrate/access-zitadel-apis) and the associated guides for a basic knowledge of :
 - [Recommended Authorization Flows](../../guides/integrate/oauth-recommended-flows.md)
- - [Service Users](../../guides/integrate/serviceusers.md)
+ - [Service Users](../../guides/integrate/serviceusers)

 > Be sure to have a valid key JSON and that its service account is either ORG_OWNER or at least ORG_OWNER_VIEWER before you continue with this guide.

--- a/docs/docs/guides/integrate/access-zitadel-apis.md
+++ b/docs/docs/guides/integrate/access-zitadel-apis.md
@ -19,7 +19,7 @@ On each level we have some different Roles. Here you can find more about the dif

 ## Add ORG_OWNER to Service User

-Make sure you have a Service User with a Key. (For more detailed informations about creating a service user go to [Service User](serviceusers.md))
+Make sure you have a Service User with a Key. (For more detailed informations about creating a service user go to [Service User](serviceusers))

 1. Navigate to Organization Detail
 2. Click the **+** button in the right part of console, in the managers part of details
@ -31,7 +31,7 @@ Make sure you have a Service User with a Key. (For more detailed informations ab
 ## Authenticating a service user

 In ZITADEL we use the `urn:ietf:params:oauth:grant-type:jwt-bearer` (**“JWT bearer token with private key”**, [RFC7523](https://tools.ietf.org/html/rfc7523)) authorization grant for this non-interactive authentication.
-This is already described in the [Service User](serviceusers.md), so make sure you follow this guide.
+This is already described in the [Service User](./serviceusers), so make sure you follow this guide.

 ### Request an OAuth token, with audience for ZITADEL

--- a/docs/docs/guides/integrate/private-key-jwt.md
+++ b/docs/docs/guides/integrate/private-key-jwt.md
@ -1,5 +1,5 @@
 ---
-title: Service Users
+title: Private Key JWT
 ---

 This is a guide on how to create service users in ZITADEL. You can read more about users [here](/concepts/structure/users.md).
--- a/docs/docs/support/advisory/a10000.md
+++ b/docs/docs/support/advisory/a10000.md
@ -0,0 +1,26 @@
+---
+title: Technical Advisory 10000
+---
+
+## Description
+
+Currently, by default, users are directed to the "Select Account Page" on the ZITADEL login. 
+However, this can be modified by including a [prompt or a login hint](/docs/apis/openidoauth/endpoints#additional-parameters) in the authentication request.
+
+As a result of this default behavior, users who already have an active session in one application and wish to log in to a second one will need to select their user account, even if no other session is active.
+
+To address this, we are going to change this behavior so that users will be automatically authenticated when logging into a second application, as long as they only have one active session.
+
+## Statement
+
+This behaviour change is tracked in the following issue: [Reuse current session if no prompt is selected ](https://github.com/zitadel/zitadel/issues/4841)
+As soon as the release version is published, we will include the version here.
+
+## Mitigation
+
+If you want to prompt users to always select their account on purpose, please make sure to include the `select_account` [prompt](/docs/apis/openidoauth/endpoints#additional-parameters) in your authentication request.
+
+## Impact
+
+Once this update has been released and deployed, your users will be automatically authenticated
+No action will be required on your part if this is the intended behavior.
--- a/docs/docs/support/technical_advisory.mdx
+++ b/docs/docs/support/technical_advisory.mdx
@ -0,0 +1,39 @@
+---
+title: Technical Advisory
+---
+
+Technical advisories are notices that report major issues with ZITADEL Self-Hosted or the ZITADEL Cloud platform that could potentially impact security or stability in production environments. 
+These advisories may include details about the nature of the issue, its potential impact, and recommended mitigation actions.
+
+Users are strongly encouraged to evaluate these advisories and consider the recommended mitigation actions independently from their version upgrade schedule. 
+We understand that these advisories may include breaking changes, and we aim to provide clear guidance on how to address these changes.
+
+
+<table>
+  <tr>
+    <th>Advisory</th>
+    <th>Name</th>
+    <th>Type</th>
+    <th>Summary</th>
+    <th>Affected versions</th>
+    <th>Date</th>
+  </tr>
+  <tr>
+    <td><a href="./advisory/a10000">A-10000</a></td>
+    <td>Reusing user session</td>
+    <td>Breaking Behaviour Change</td>
+    <td>The default behavior for users logging in is to be directed to the Select Account Page on the Login. With the upcoming changes, users will be automatically authenticated when logging into a second application, as long as they only have one active session. No action is required on your part if this is the intended behavior.</td>
+    <td>TBD</td>
+    <td>TBD</td>
+  </tr>
+</table>
+
+## Categories
+
+### Breaking Behaviour Change
+
+A breaking behavior change refers to a modification or update that changes the behavior of ZITADEL.
+This change does not necessarily affect the APIs or any functions you are calling, so it may not require an update to your code.
+However, if you rely on specific results or behaviors, they may no longer be guaranteed after the change is implemented.
+Therefore, it is important to be aware of breaking behavior changes and their potential impact on your use of ZITADEL, and to take appropriate action if needed to ensure continued functionality.
+
--- a/docs/sidebars.js
+++ b/docs/sidebars.js
@ -175,9 +175,16 @@ module.exports = {
            {
              type: "category",
              label: "Authenticate Service Users",
+              link: {
+                type: "generated-index",
+                title: "Authenticate Service Users",
+                slug: "/guides/integrate/serviceusers",
+                description:
+                  "How to authenticate service users",
+              },
              collapsed: true,
              items: [
-                "guides/integrate/serviceusers",
+                "guides/integrate/private-key-jwt",
                "guides/integrate/client-credentials",
                "guides/integrate/pat",
              ],
@ -303,6 +310,21 @@ module.exports = {
      collapsed: true,
      items: [
        "support/troubleshooting",
+        {
+          type: 'category',
+          label: "Technical Advisory",
+          link: {
+            type: 'doc',
+            id: 'support/technical_advisory',
+          },
+          collapsed: true,
+          items: [
+              {
+                type: 'autogenerated',
+                dirName: 'support/advisory',
+              },
+          ],
+        },
        {
          type: "category",
          label: "Trainings",
--- a/docs/static/img/concepts/objects/instances.png
+++ b/docs/static/img/concepts/objects/instances.png