TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 19:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Identity brokering (#730)

Browse Source 
* feat: add/ remove external idps

* feat: external idp add /remove

* fix: auth proto

* fix: handle login

* feat: loginpolicy on authrequest

* feat: idp providers on login

* feat: link external idp

* fix: check login policy on check username

* feat: add mapping fields for idp config

* feat: use user org id if existing

* feat: use user org id if existing

* feat: register external user

* feat: register external user

* feat: user linking

* feat: user linking

* feat: design external login

* feat: design external login

* fix: tests

* fix: regenerate login design

* feat: next step test linking process

* feat: next step test linking process

* feat: cascade remove external idps on user

* fix: tests

* fix: tests

* feat: external idp requsts on users

* fix: generate protos

* feat: login styles

* feat: login styles

* fix: link user

* fix: register user on specifig org

* fix: user linking

* fix: register external, linking auto

* fix: remove unnecessary request from proto

* fix: tests

* fix: new oidc package

* fix: migration version

* fix: policy permissions

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/static/i18n/en.yaml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* Update internal/ui/login/handler/renderer.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* Update internal/ui/login/handler/link_users_handler.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: pr requests

* fix: pr requests

* fix: pr requests

* fix: login name size

* fix: profile image light

* fix: colors

* fix: pr requests

* fix: remove redirect uri validator

* fix: remove redirect uri validator

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2020-09-18 13:26:28 +02:00
committed by GitHub
parent 1d542a0c57
commit 320ddfa46d
141 changed files with 30057 additions and 12535 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/grpc/auth/auth.pb.authoptions.go
View File

@@ -114,6 +114,16 @@ var AuthService_AuthMethods = authz.MethodMapping{
CheckParam: "",
},
"/caos.zitadel.auth.api.v1.AuthService/SearchMyExternalIDPs": authz.Option{
Permission: "authenticated",
CheckParam: "",
},
"/caos.zitadel.auth.api.v1.AuthService/RemoveMyExternalIDP": authz.Option{
Permission: "authenticated",
CheckParam: "",
},
"/caos.zitadel.auth.api.v1.AuthService/AddMfaOTP": authz.Option{
Permission: "authenticated",
CheckParam: "",

6757
pkg/grpc/auth/auth.pb.go
View File

File diff suppressed because it is too large Load Diff

203
pkg/grpc/auth/auth.pb.gw.go
View File

@@ -508,7 +508,10 @@ func local_request_AuthService_GetMyUserChanges_0(ctx context.Context, marshaler
var protoReq ChangesRequest
var metadata runtime.ServerMetadata
if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_AuthService_GetMyUserChanges_0); err != nil {
if err := req.ParseForm(); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_AuthService_GetMyUserChanges_0); err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
@@ -621,6 +624,116 @@ func local_request_AuthService_GetMyPasswordComplexityPolicy_0(ctx context.Conte
}
func request_AuthService_SearchMyExternalIDPs_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq ExternalIDPSearchRequest
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
if berr != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
}
if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := client.SearchMyExternalIDPs(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
func local_request_AuthService_SearchMyExternalIDPs_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq ExternalIDPSearchRequest
var metadata runtime.ServerMetadata
newReader, berr := utilities.IOReaderFactory(req.Body)
if berr != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr)
}
if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF {
return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
}
msg, err := server.SearchMyExternalIDPs(ctx, &protoReq)
return msg, metadata, err
}
func request_AuthService_RemoveMyExternalIDP_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq ExternalIDPRemoveRequest
var metadata runtime.ServerMetadata
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["idp_config_id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "idp_config_id")
}
protoReq.IdpConfigId, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "idp_config_id", err)
}
val, ok = pathParams["external_user_id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "external_user_id")
}
protoReq.ExternalUserId, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "external_user_id", err)
}
msg, err := client.RemoveMyExternalIDP(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
return msg, metadata, err
}
func local_request_AuthService_RemoveMyExternalIDP_0(ctx context.Context, marshaler runtime.Marshaler, server AuthServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq ExternalIDPRemoveRequest
var metadata runtime.ServerMetadata
var (
val string
ok bool
err error
_ = err
)
val, ok = pathParams["idp_config_id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "idp_config_id")
}
protoReq.IdpConfigId, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "idp_config_id", err)
}
val, ok = pathParams["external_user_id"]
if !ok {
return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "external_user_id")
}
protoReq.ExternalUserId, err = runtime.String(val)
if err != nil {
return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "external_user_id", err)
}
msg, err := server.RemoveMyExternalIDP(ctx, &protoReq)
return msg, metadata, err
}
func request_AuthService_AddMfaOTP_0(ctx context.Context, marshaler runtime.Marshaler, client AuthServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
var protoReq empty.Empty
var metadata runtime.ServerMetadata
@@ -1276,6 +1389,46 @@ func RegisterAuthServiceHandlerServer(ctx context.Context, mux *runtime.ServeMux
})
mux.Handle("POST", pattern_AuthService_SearchMyExternalIDPs_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := local_request_AuthService_SearchMyExternalIDPs_0(rctx, inboundMarshaler, server, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_SearchMyExternalIDPs_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("DELETE", pattern_AuthService_RemoveMyExternalIDP_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := local_request_AuthService_RemoveMyExternalIDP_0(rctx, inboundMarshaler, server, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_RemoveMyExternalIDP_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("POST", pattern_AuthService_AddMfaOTP_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
@@ -1917,6 +2070,46 @@ func RegisterAuthServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux
})
mux.Handle("POST", pattern_AuthService_SearchMyExternalIDPs_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_AuthService_SearchMyExternalIDPs_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_SearchMyExternalIDPs_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("DELETE", pattern_AuthService_RemoveMyExternalIDP_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
rctx, err := runtime.AnnotateContext(ctx, mux, req)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
resp, md, err := request_AuthService_RemoveMyExternalIDP_0(rctx, inboundMarshaler, client, req, pathParams)
ctx = runtime.NewServerMetadataContext(ctx, md)
if err != nil {
runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
return
}
forward_AuthService_RemoveMyExternalIDP_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
})
mux.Handle("POST", pattern_AuthService_AddMfaOTP_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
ctx, cancel := context.WithCancel(req.Context())
defer cancel()
@@ -2107,6 +2300,10 @@ var (
pattern_AuthService_GetMyPasswordComplexityPolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"policies", "passwords", "complexity"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_SearchMyExternalIDPs_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"users", "me", "externalidps", "_search"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_RemoveMyExternalIDP_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 1, 0, 4, 1, 5, 4}, []string{"users", "me", "externalidps", "idp_config_id", "external_user_id"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_AddMfaOTP_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3}, []string{"users", "me", "mfas", "otp"}, "", runtime.AssumeColonVerbOpt(true)))
pattern_AuthService_VerifyMfaOTP_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 2, 3, 2, 4}, []string{"users", "me", "mfas", "otp", "_verify"}, "", runtime.AssumeColonVerbOpt(true)))
@@ -2169,6 +2366,10 @@ var (
forward_AuthService_GetMyPasswordComplexityPolicy_0 = runtime.ForwardResponseMessage
forward_AuthService_SearchMyExternalIDPs_0 = runtime.ForwardResponseMessage
forward_AuthService_RemoveMyExternalIDP_0 = runtime.ForwardResponseMessage
forward_AuthService_AddMfaOTP_0 = runtime.ForwardResponseMessage
forward_AuthService_VerifyMfaOTP_0 = runtime.ForwardResponseMessage

412
pkg/grpc/auth/auth.pb.validate.go
View File

@@ -3432,3 +3432,415 @@ var _ interface {
Cause() error
ErrorName() string
} = PasswordComplexityPolicyValidationError{}
// Validate checks the field values on ExternalIDPResponse with the rules
// defined in the proto definition for this message. If any rules are
// violated, an error is returned.
func (m *ExternalIDPResponse) Validate() error {
if m == nil {
return nil
}
// no validation rules for IdpConfigId
// no validation rules for UserId
// no validation rules for DisplayName
return nil
}
// ExternalIDPResponseValidationError is the validation error returned by
// ExternalIDPResponse.Validate if the designated constraints aren't met.
type ExternalIDPResponseValidationError struct {
field string
reason string
cause error
key bool
}
// Field function returns field value.
func (e ExternalIDPResponseValidationError) Field() string { return e.field }
// Reason function returns reason value.
func (e ExternalIDPResponseValidationError) Reason() string { return e.reason }
// Cause function returns cause value.
func (e ExternalIDPResponseValidationError) Cause() error { return e.cause }
// Key function returns key value.
func (e ExternalIDPResponseValidationError) Key() bool { return e.key }
// ErrorName returns error name.
func (e ExternalIDPResponseValidationError) ErrorName() string {
return "ExternalIDPResponseValidationError"
}
// Error satisfies the builtin error interface
func (e ExternalIDPResponseValidationError) Error() string {
cause := ""
if e.cause != nil {
cause = fmt.Sprintf(" | caused by: %v", e.cause)
}
key := ""
if e.key {
key = "key for "
}
return fmt.Sprintf(
"invalid %sExternalIDPResponse.%s: %s%s",
key,
e.field,
e.reason,
cause)
}
var _ error = ExternalIDPResponseValidationError{}
var _ interface {
Field() string
Reason() string
Key() bool
Cause() error
ErrorName() string
} = ExternalIDPResponseValidationError{}
// Validate checks the field values on ExternalIDPRemoveRequest with the rules
// defined in the proto definition for this message. If any rules are
// violated, an error is returned.
func (m *ExternalIDPRemoveRequest) Validate() error {
if m == nil {
return nil
}
// no validation rules for IdpConfigId
// no validation rules for ExternalUserId
return nil
}
// ExternalIDPRemoveRequestValidationError is the validation error returned by
// ExternalIDPRemoveRequest.Validate if the designated constraints aren't met.
type ExternalIDPRemoveRequestValidationError struct {
field string
reason string
cause error
key bool
}
// Field function returns field value.
func (e ExternalIDPRemoveRequestValidationError) Field() string { return e.field }
// Reason function returns reason value.
func (e ExternalIDPRemoveRequestValidationError) Reason() string { return e.reason }
// Cause function returns cause value.
func (e ExternalIDPRemoveRequestValidationError) Cause() error { return e.cause }
// Key function returns key value.
func (e ExternalIDPRemoveRequestValidationError) Key() bool { return e.key }
// ErrorName returns error name.
func (e ExternalIDPRemoveRequestValidationError) ErrorName() string {
return "ExternalIDPRemoveRequestValidationError"
}
// Error satisfies the builtin error interface
func (e ExternalIDPRemoveRequestValidationError) Error() string {
cause := ""
if e.cause != nil {
cause = fmt.Sprintf(" | caused by: %v", e.cause)
}
key := ""
if e.key {
key = "key for "
}
return fmt.Sprintf(
"invalid %sExternalIDPRemoveRequest.%s: %s%s",
key,
e.field,
e.reason,
cause)
}
var _ error = ExternalIDPRemoveRequestValidationError{}
var _ interface {
Field() string
Reason() string
Key() bool
Cause() error
ErrorName() string
} = ExternalIDPRemoveRequestValidationError{}
// Validate checks the field values on ExternalIDPSearchRequest with the rules
// defined in the proto definition for this message. If any rules are
// violated, an error is returned.
func (m *ExternalIDPSearchRequest) Validate() error {
if m == nil {
return nil
}
// no validation rules for Offset
// no validation rules for Limit
// no validation rules for UserId
return nil
}
// ExternalIDPSearchRequestValidationError is the validation error returned by
// ExternalIDPSearchRequest.Validate if the designated constraints aren't met.
type ExternalIDPSearchRequestValidationError struct {
field string
reason string
cause error
key bool
}
// Field function returns field value.
func (e ExternalIDPSearchRequestValidationError) Field() string { return e.field }
// Reason function returns reason value.
func (e ExternalIDPSearchRequestValidationError) Reason() string { return e.reason }
// Cause function returns cause value.
func (e ExternalIDPSearchRequestValidationError) Cause() error { return e.cause }
// Key function returns key value.
func (e ExternalIDPSearchRequestValidationError) Key() bool { return e.key }
// ErrorName returns error name.
func (e ExternalIDPSearchRequestValidationError) ErrorName() string {
return "ExternalIDPSearchRequestValidationError"
}
// Error satisfies the builtin error interface
func (e ExternalIDPSearchRequestValidationError) Error() string {
cause := ""
if e.cause != nil {
cause = fmt.Sprintf(" | caused by: %v", e.cause)
}
key := ""
if e.key {
key = "key for "
}
return fmt.Sprintf(
"invalid %sExternalIDPSearchRequest.%s: %s%s",
key,
e.field,
e.reason,
cause)
}
var _ error = ExternalIDPSearchRequestValidationError{}
var _ interface {
Field() string
Reason() string
Key() bool
Cause() error
ErrorName() string
} = ExternalIDPSearchRequestValidationError{}
// Validate checks the field values on ExternalIDPSearchResponse with the rules
// defined in the proto definition for this message. If any rules are
// violated, an error is returned.
func (m *ExternalIDPSearchResponse) Validate() error {
if m == nil {
return nil
}
// no validation rules for Offset
// no validation rules for Limit
// no validation rules for TotalResult
for idx, item := range m.GetResult() {
_, _ = idx, item
if v, ok := interface{}(item).(interface{ Validate() error }); ok {
if err := v.Validate(); err != nil {
return ExternalIDPSearchResponseValidationError{
field: fmt.Sprintf("Result[%v]", idx),
reason: "embedded message failed validation",
cause: err,
}
}
}
}
// no validation rules for ProcessedSequence
if v, ok := interface{}(m.GetViewTimestamp()).(interface{ Validate() error }); ok {
if err := v.Validate(); err != nil {
return ExternalIDPSearchResponseValidationError{
field: "ViewTimestamp",
reason: "embedded message failed validation",
cause: err,
}
}
}
return nil
}
// ExternalIDPSearchResponseValidationError is the validation error returned by
// ExternalIDPSearchResponse.Validate if the designated constraints aren't met.
type ExternalIDPSearchResponseValidationError struct {
field string
reason string
cause error
key bool
}
// Field function returns field value.
func (e ExternalIDPSearchResponseValidationError) Field() string { return e.field }
// Reason function returns reason value.
func (e ExternalIDPSearchResponseValidationError) Reason() string { return e.reason }
// Cause function returns cause value.
func (e ExternalIDPSearchResponseValidationError) Cause() error { return e.cause }
// Key function returns key value.
func (e ExternalIDPSearchResponseValidationError) Key() bool { return e.key }
// ErrorName returns error name.
func (e ExternalIDPSearchResponseValidationError) ErrorName() string {
return "ExternalIDPSearchResponseValidationError"
}
// Error satisfies the builtin error interface
func (e ExternalIDPSearchResponseValidationError) Error() string {
cause := ""
if e.cause != nil {
cause = fmt.Sprintf(" | caused by: %v", e.cause)
}
key := ""
if e.key {
key = "key for "
}
return fmt.Sprintf(
"invalid %sExternalIDPSearchResponse.%s: %s%s",
key,
e.field,
e.reason,
cause)
}
var _ error = ExternalIDPSearchResponseValidationError{}
var _ interface {
Field() string
Reason() string
Key() bool
Cause() error
ErrorName() string
} = ExternalIDPSearchResponseValidationError{}
// Validate checks the field values on ExternalIDPView with the rules defined
// in the proto definition for this message. If any rules are violated, an
// error is returned.
func (m *ExternalIDPView) Validate() error {
if m == nil {
return nil
}
// no validation rules for UserId
// no validation rules for IdpConfigId
// no validation rules for ExternalUserId
// no validation rules for IdpName
// no validation rules for ExternalUserDisplayName
if v, ok := interface{}(m.GetCreationDate()).(interface{ Validate() error }); ok {
if err := v.Validate(); err != nil {
return ExternalIDPViewValidationError{
field: "CreationDate",
reason: "embedded message failed validation",
cause: err,
}
}
}
if v, ok := interface{}(m.GetChangeDate()).(interface{ Validate() error }); ok {
if err := v.Validate(); err != nil {
return ExternalIDPViewValidationError{
field: "ChangeDate",
reason: "embedded message failed validation",
cause: err,
}
}
}
return nil
}
// ExternalIDPViewValidationError is the validation error returned by
// ExternalIDPView.Validate if the designated constraints aren't met.
type ExternalIDPViewValidationError struct {
field string
reason string
cause error
key bool
}
// Field function returns field value.
func (e ExternalIDPViewValidationError) Field() string { return e.field }
// Reason function returns reason value.
func (e ExternalIDPViewValidationError) Reason() string { return e.reason }
// Cause function returns cause value.
func (e ExternalIDPViewValidationError) Cause() error { return e.cause }
// Key function returns key value.
func (e ExternalIDPViewValidationError) Key() bool { return e.key }
// ErrorName returns error name.
func (e ExternalIDPViewValidationError) ErrorName() string { return "ExternalIDPViewValidationError" }
// Error satisfies the builtin error interface
func (e ExternalIDPViewValidationError) Error() string {
cause := ""
if e.cause != nil {
cause = fmt.Sprintf(" | caused by: %v", e.cause)
}
key := ""
if e.key {
key = "key for "
}
return fmt.Sprintf(
"invalid %sExternalIDPView.%s: %s%s",
key,
e.field,
e.reason,
cause)
}
var _ error = ExternalIDPViewValidationError{}
var _ interface {
Field() string
Reason() string
Key() bool
Cause() error
ErrorName() string
} = ExternalIDPViewValidationError{}

420
pkg/grpc/auth/auth.swagger.json
View File

@@ -21,13 +21,19 @@
"paths": {
"/global/projectorgs/_search": {
"post": {
"operationId": "SearchMyProjectOrgs",
"operationId": "AuthService_SearchMyProjectOrgs",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1MyProjectOrgSearchResponse"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -48,13 +54,19 @@
"/healthz": {
"get": {
"summary": "Readiness",
"operationId": "Healthz",
"operationId": "AuthService_Healthz",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -64,13 +76,19 @@
},
"/permissions/me": {
"get": {
"operationId": "GetMyProjectPermissions",
"operationId": "AuthService_GetMyProjectPermissions",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1MyPermissions"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -81,13 +99,19 @@
"/permissions/zitadel/me": {
"get": {
"summary": "Permission",
"operationId": "GetMyZitadelPermissions",
"operationId": "AuthService_GetMyZitadelPermissions",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1MyPermissions"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -97,13 +121,19 @@
},
"/policies/passwords/complexity": {
"get": {
"operationId": "GetMyPasswordComplexityPolicy",
"operationId": "AuthService_GetMyPasswordComplexityPolicy",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1PasswordComplexityPolicy"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -113,13 +143,19 @@
},
"/ready": {
"get": {
"operationId": "Ready",
"operationId": "AuthService_Ready",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -129,13 +165,19 @@
},
"/usergrants/me/_search": {
"post": {
"operationId": "SearchMyUserGrant",
"operationId": "AuthService_SearchMyUserGrant",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserGrantSearchResponse"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -156,13 +198,19 @@
"/users/me": {
"get": {
"summary": "User",
"operationId": "GetMyUser",
"operationId": "AuthService_GetMyUser",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserView"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -172,13 +220,19 @@
},
"/users/me/address": {
"get": {
"operationId": "GetMyUserAddress",
"operationId": "AuthService_GetMyUserAddress",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserAddressView"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -186,13 +240,19 @@
]
},
"put": {
"operationId": "UpdateMyUserAddress",
"operationId": "AuthService_UpdateMyUserAddress",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserAddress"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -212,13 +272,19 @@
},
"/users/me/changes": {
"get": {
"operationId": "GetMyUserChanges",
"operationId": "AuthService_GetMyUserChanges",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1Changes"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -251,13 +317,19 @@
},
"/users/me/email": {
"get": {
"operationId": "GetMyUserEmail",
"operationId": "AuthService_GetMyUserEmail",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserEmailView"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -265,13 +337,19 @@
]
},
"put": {
"operationId": "ChangeMyUserEmail",
"operationId": "AuthService_ChangeMyUserEmail",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserEmail"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -291,13 +369,19 @@
},
"/users/me/email/_resendverification": {
"post": {
"operationId": "ResendMyEmailVerificationMail",
"operationId": "AuthService_ResendMyEmailVerificationMail",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -317,13 +401,19 @@
},
"/users/me/email/_verify": {
"post": {
"operationId": "VerifyMyUserEmail",
"operationId": "AuthService_VerifyMyUserEmail",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -341,15 +431,90 @@
]
}
},
"/users/me/externalidps/_search": {
"post": {
"summary": "ExternalIDP",
"operationId": "AuthService_SearchMyExternalIDPs",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1ExternalIDPSearchResponse"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/v1ExternalIDPSearchRequest"
}
}
],
"tags": [
"AuthService"
]
}
},
"/users/me/externalidps/{idp_config_id}/{external_user_id}": {
"delete": {
"operationId": "AuthService_RemoveMyExternalIDP",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
{
"name": "idp_config_id",
"in": "path",
"required": true,
"type": "string"
},
{
"name": "external_user_id",
"in": "path",
"required": true,
"type": "string"
}
],
"tags": [
"AuthService"
]
}
},
"/users/me/mfas": {
"get": {
"operationId": "GetMyMfas",
"operationId": "AuthService_GetMyMfas",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1MultiFactors"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -359,13 +524,19 @@
},
"/users/me/mfas/otp": {
"delete": {
"operationId": "RemoveMfaOTP",
"operationId": "AuthService_RemoveMfaOTP",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -374,13 +545,19 @@
},
"post": {
"summary": "MFA",
"operationId": "AddMfaOTP",
"operationId": "AuthService_AddMfaOTP",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1MfaOtpResponse"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -400,13 +577,19 @@
},
"/users/me/mfas/otp/_verify": {
"put": {
"operationId": "VerifyMfaOTP",
"operationId": "AuthService_VerifyMfaOTP",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -427,13 +610,19 @@
"/users/me/passwords/_change": {
"put": {
"summary": "Password",
"operationId": "ChangeMyPassword",
"operationId": "AuthService_ChangeMyPassword",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -453,13 +642,19 @@
},
"/users/me/phone": {
"get": {
"operationId": "GetMyUserPhone",
"operationId": "AuthService_GetMyUserPhone",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserPhoneView"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -467,13 +662,19 @@
]
},
"delete": {
"operationId": "RemoveMyUserPhone",
"operationId": "AuthService_RemoveMyUserPhone",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -481,13 +682,19 @@
]
},
"put": {
"operationId": "ChangeMyUserPhone",
"operationId": "AuthService_ChangeMyUserPhone",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserPhone"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -507,13 +714,19 @@
},
"/users/me/phone/_resendverification": {
"post": {
"operationId": "ResendMyPhoneVerificationCode",
"operationId": "AuthService_ResendMyPhoneVerificationCode",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -533,13 +746,19 @@
},
"/users/me/phone/_verify": {
"post": {
"operationId": "VerifyMyUserPhone",
"operationId": "AuthService_VerifyMyUserPhone",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -559,13 +778,19 @@
},
"/users/me/profile": {
"get": {
"operationId": "GetMyUserProfile",
"operationId": "AuthService_GetMyUserProfile",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserProfileView"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -573,13 +798,19 @@
]
},
"put": {
"operationId": "UpdateMyUserProfile",
"operationId": "AuthService_UpdateMyUserProfile",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserProfile"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -600,13 +831,19 @@
"/users/me/sessions": {
"get": {
"summary": "Authorization",
"operationId": "GetMyUserSessions",
"operationId": "AuthService_GetMyUserSessions",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/v1UserSessionViews"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -616,13 +853,19 @@
},
"/users/me/username": {
"put": {
"operationId": "ChangeMyUserName",
"operationId": "AuthService_ChangeMyUserName",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"properties": {}
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"parameters": [
@@ -642,13 +885,19 @@
},
"/validate": {
"get": {
"operationId": "Validate",
"operationId": "AuthService_Validate",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "object"
}
},
"default": {
"description": "An unexpected error response",
"schema": {
"$ref": "#/definitions/runtimeError"
}
}
},
"tags": [
@@ -658,6 +907,21 @@
}
},
"definitions": {
"protobufAny": {
"type": "object",
"properties": {
"type_url": {
"type": "string",
"description": "A URL/resource name that uniquely identifies the type of the serialized\nprotocol buffer message. This string must contain at least\none \"/\" character. The last segment of the URL's path must represent\nthe fully qualified name of the type (as in\n`path/google.protobuf.Duration`). The name should be in a canonical form\n(e.g., leading \".\" is not accepted).\n\nIn practice, teams usually precompile into the binary all types that they\nexpect it to use in the context of Any. However, for URLs which use the\nscheme `http`, `https`, or no scheme, one can optionally set up a type\nserver that maps type URLs to message definitions as follows:\n\n* If no scheme is provided, `https` is assumed.\n* An HTTP GET on the URL must yield a [google.protobuf.Type][]\n value in binary format, or produce an error.\n* Applications are allowed to cache lookup results based on the\n URL, or have them precompiled into a binary to avoid any\n lookup. Therefore, binary compatibility needs to be preserved\n on changes to types. (Use versioned type names to manage\n breaking changes.)\n\nNote: this functionality is not currently available in the official\nprotobuf release, and it is not used for type URLs beginning with\ntype.googleapis.com.\n\nSchemes other than `http`, `https` (or the empty scheme) might be\nused with implementation specific semantics."
},
"value": {
"type": "string",
"format": "byte",
"description": "Must be a valid serialized protocol buffer of the above specified type."
}
},
"description": "`Any` contains an arbitrary serialized protocol buffer message along with a\nURL that describes the type of the serialized message.\n\nProtobuf library provides support to pack/unpack Any values in the form\nof utility functions or additional generated methods of the Any type.\n\nExample 1: Pack and unpack a message in C++.\n\n Foo foo = ...;\n Any any;\n any.PackFrom(foo);\n ...\n if (any.UnpackTo(\u0026foo)) {\n ...\n }\n\nExample 2: Pack and unpack a message in Java.\n\n Foo foo = ...;\n Any any = Any.pack(foo);\n ...\n if (any.is(Foo.class)) {\n foo = any.unpack(Foo.class);\n }\n\n Example 3: Pack and unpack a message in Python.\n\n foo = Foo(...)\n any = Any()\n any.Pack(foo)\n ...\n if any.Is(Foo.DESCRIPTOR):\n any.Unpack(foo)\n ...\n\n Example 4: Pack and unpack a message in Go\n\n foo := \u0026pb.Foo{...}\n any, err := ptypes.MarshalAny(foo)\n ...\n foo := \u0026pb.Foo{}\n if err := ptypes.UnmarshalAny(any, foo); err != nil {\n ...\n }\n\nThe pack methods provided by protobuf library will by default use\n'type.googleapis.com/full.type.name' as the type URL and the unpack\nmethods only use the fully qualified type name after the last '/'\nin the type URL, for example \"foo.bar.com/x/y.z\" will yield type\nname \"y.z\".\n\n\nJSON\n====\nThe JSON representation of an `Any` value uses the regular\nrepresentation of the deserialized, embedded message, with an\nadditional field `@type` which contains the type URL. Example:\n\n package google.profile;\n message Person {\n string first_name = 1;\n string last_name = 2;\n }\n\n {\n \"@type\": \"type.googleapis.com/google.profile.Person\",\n \"firstName\": \u003cstring\u003e,\n \"lastName\": \u003cstring\u003e\n }\n\nIf the embedded message type is well-known and has a custom JSON\nrepresentation, that representation will be embedded adding a field\n`value` which holds the custom JSON in addition to the `@type`\nfield. Example (for message [google.protobuf.Duration][]):\n\n {\n \"@type\": \"type.googleapis.com/google.protobuf.Duration\",\n \"value\": \"1.212s\"\n }"
},
"protobufNullValue": {
"type": "string",
"enum": [
@@ -666,6 +930,27 @@
"default": "NULL_VALUE",
"description": "`NullValue` is a singleton enumeration to represent the null value for the\n`Value` type union.\n\n The JSON representation for `NullValue` is JSON `null`.\n\n - NULL_VALUE: Null value."
},
"runtimeError": {
"type": "object",
"properties": {
"error": {
"type": "string"
},
"code": {
"type": "integer",
"format": "int32"
},
"message": {
"type": "string"
},
"details": {
"type": "array",
"items": {
"$ref": "#/definitions/protobufAny"
}
}
}
},
"v1Change": {
"type": "object",
"properties": {
@@ -718,6 +1003,81 @@
}
}
},
"v1ExternalIDPSearchRequest": {
"type": "object",
"properties": {
"offset": {
"type": "string",
"format": "uint64"
},
"limit": {
"type": "string",
"format": "uint64"
},
"user_id": {
"type": "string"
}
}
},
"v1ExternalIDPSearchResponse": {
"type": "object",
"properties": {
"offset": {
"type": "string",
"format": "uint64"
},
"limit": {
"type": "string",
"format": "uint64"
},
"total_result": {
"type": "string",
"format": "uint64"
},
"result": {
"type": "array",
"items": {
"$ref": "#/definitions/v1ExternalIDPView"
}
},
"processed_sequence": {
"type": "string",
"format": "uint64"
},
"view_timestamp": {
"type": "string",
"format": "date-time"
}
}
},
"v1ExternalIDPView": {
"type": "object",
"properties": {
"user_id": {
"type": "string"
},
"idp_config_id": {
"type": "string"
},
"external_user_id": {
"type": "string"
},
"idp_name": {
"type": "string"
},
"external_user_display_name": {
"type": "string"
},
"creation_date": {
"type": "string",
"format": "date-time"
},
"change_date": {
"type": "string",
"format": "date-time"
}
}
},
"v1Gender": {
"type": "string",
"enum": [

40
pkg/grpc/auth/mock/auth.proto.mock.go
View File

@@ -417,6 +417,26 @@ func (mr *MockAuthServiceClientMockRecorder) RemoveMfaOTP(arg0, arg1 interface{}
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveMfaOTP", reflect.TypeOf((*MockAuthServiceClient)(nil).RemoveMfaOTP), varargs...)
}
// RemoveMyExternalIDP mocks base method
func (m *MockAuthServiceClient) RemoveMyExternalIDP(arg0 context.Context, arg1 *auth.ExternalIDPRemoveRequest, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "RemoveMyExternalIDP", varargs...)
ret0, _ := ret[0].(*emptypb.Empty)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// RemoveMyExternalIDP indicates an expected call of RemoveMyExternalIDP
func (mr *MockAuthServiceClientMockRecorder) RemoveMyExternalIDP(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveMyExternalIDP", reflect.TypeOf((*MockAuthServiceClient)(nil).RemoveMyExternalIDP), varargs...)
}
// RemoveMyUserPhone mocks base method
func (m *MockAuthServiceClient) RemoveMyUserPhone(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
m.ctrl.T.Helper()
@@ -477,6 +497,26 @@ func (mr *MockAuthServiceClientMockRecorder) ResendMyPhoneVerificationCode(arg0,
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ResendMyPhoneVerificationCode", reflect.TypeOf((*MockAuthServiceClient)(nil).ResendMyPhoneVerificationCode), varargs...)
}
// SearchMyExternalIDPs mocks base method
func (m *MockAuthServiceClient) SearchMyExternalIDPs(arg0 context.Context, arg1 *auth.ExternalIDPSearchRequest, arg2 ...grpc.CallOption) (*auth.ExternalIDPSearchResponse, error) {
m.ctrl.T.Helper()
varargs := []interface{}{arg0, arg1}
for _, a := range arg2 {
varargs = append(varargs, a)
}
ret := m.ctrl.Call(m, "SearchMyExternalIDPs", varargs...)
ret0, _ := ret[0].(*auth.ExternalIDPSearchResponse)
ret1, _ := ret[1].(error)
return ret0, ret1
}
// SearchMyExternalIDPs indicates an expected call of SearchMyExternalIDPs
func (mr *MockAuthServiceClientMockRecorder) SearchMyExternalIDPs(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
mr.mock.ctrl.T.Helper()
varargs := append([]interface{}{arg0, arg1}, arg2...)
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchMyExternalIDPs", reflect.TypeOf((*MockAuthServiceClient)(nil).SearchMyExternalIDPs), varargs...)
}
// SearchMyProjectOrgs mocks base method
func (m *MockAuthServiceClient) SearchMyProjectOrgs(arg0 context.Context, arg1 *auth.MyProjectOrgSearchRequest, arg2 ...grpc.CallOption) (*auth.MyProjectOrgSearchResponse, error) {
m.ctrl.T.Helper()

58
pkg/grpc/auth/proto/auth.proto
View File

@@ -264,6 +264,28 @@ service AuthService {
};
}
//ExternalIDP
rpc SearchMyExternalIDPs(ExternalIDPSearchRequest) returns (ExternalIDPSearchResponse) {
option (google.api.http) = {
post: "/users/me/externalidps/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "authenticated"
};
}
rpc RemoveMyExternalIDP(ExternalIDPRemoveRequest) returns (google.protobuf.Empty) {
option (google.api.http) = {
delete: "/users/me/externalidps/{idp_config_id}/{external_user_id}"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "authenticated"
};
}
// MFA
rpc AddMfaOTP(google.protobuf.Empty) returns (MfaOtpResponse) {
option (google.api.http) = {
@@ -714,3 +736,39 @@ message PasswordComplexityPolicy {
uint64 sequence = 10;
bool is_default = 11;
}
message ExternalIDPResponse {
string idp_config_id = 1;
string user_id = 2;
string display_name = 3;
}
message ExternalIDPRemoveRequest {
string idp_config_id = 1;
string external_user_id = 2;
}
message ExternalIDPSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
string user_id = 3;
}
message ExternalIDPSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated ExternalIDPView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message ExternalIDPView {
string user_id = 1;
string idp_config_id = 2;
string external_user_id = 3;
string idp_name = 4;
string external_user_display_name = 5;
google.protobuf.Timestamp creation_date = 6;
google.protobuf.Timestamp change_date = 7;
}