feat: port reduction (#323)

* move mgmt pkg * begin package restructure * rename auth package to authz * begin start api * move auth * move admin * fix merge * configs and interceptors * interceptor * revert generate-grpc.sh * some cleanups * console * move console * fix tests and merging * js linting * merge * merging and configs * change k8s base to current ports * fixes * cleanup * regenerate proto * remove unnecessary whitespace * missing param * go mod tidy * fix merging * move login pkg * cleanup * move api pkgs again * fix pkg naming * fix generate-static.sh for login * update workflow * fixes * logging * remove duplicate * comment for optional gateway interfaces * regenerate protos * fix proto imports for grpc web * protos * grpc web generate * grpc web generate * fix changes * add translation interceptor * fix merging * regenerate mgmt proto
2025-08-11 21:37:32 +00:00 · 2020-07-08 13:56:37 +02:00
parent 708652a655
commit 3549a8b64e
330 changed files with 30495 additions and 30809 deletions
--- a/pkg/grpc/auth/auth.pb.authoptions.go
+++ b/pkg/grpc/auth/auth.pb.authoptions.go
@@ -0,0 +1,146 @@
+// Code generated by protoc-gen-authmethod. DO NOT EDIT.
+
+package auth
+
+import (
+	"github.com/caos/zitadel/internal/api/authz"
+)
+
+/**
+ * AuthService
+ */
+
+const AuthService_MethodPrefix = "caos.zitadel.auth.api.v1.AuthService"
+
+var AuthService_AuthMethods = authz.MethodMapping{
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserSessions": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUser": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserProfile": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/UpdateMyUserProfile": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserEmail": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/ChangeMyUserEmail": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/VerifyMyUserEmail": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/ResendMyEmailVerificationMail": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserPhone": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/ChangeMyUserPhone": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/RemoveMyUserPhone": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/VerifyMyUserPhone": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/ResendMyPhoneVerificationCode": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserAddress": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyUserChanges": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/UpdateMyUserAddress": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyMfas": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/ChangeMyPassword": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyPasswordComplexityPolicy": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/AddMfaOTP": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/VerifyMfaOTP": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/RemoveMfaOTP": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/SearchMyUserGrant": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/SearchMyProjectOrgs": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyZitadelPermissions": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyProjectPermissions": authz.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
+}
--- a/pkg/grpc/auth/auth.pb.go
+++ b/pkg/grpc/auth/auth.pb.go
--- a/pkg/grpc/auth/auth.pb.gw.go
+++ b/pkg/grpc/auth/auth.pb.gw.go
--- a/pkg/grpc/auth/auth.swagger.json
+++ b/pkg/grpc/auth/auth.swagger.json
--- a/pkg/grpc/auth/changes.go
+++ b/pkg/grpc/auth/changes.go
@@ -0,0 +1,11 @@
+package auth
+
+import "github.com/caos/zitadel/internal/api/grpc/server/middleware"
+
+func (c *Changes) Localizers() []middleware.Localizer {
+	localizers := make([]middleware.Localizer, len(c.Changes))
+	for i, change := range c.Changes {
+		localizers[i] = change.EventType
+	}
+	return localizers
+}
--- a/pkg/grpc/auth/mock/auth.proto.mock.go
+++ b/pkg/grpc/auth/mock/auth.proto.mock.go
@@ -0,0 +1,618 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/caos/zitadel/pkg/grpc/auth (interfaces: AuthServiceClient)
+
+// Package api is a generated GoMock package.
+package api
+
+import (
+	context "context"
+	auth "github.com/caos/zitadel/pkg/grpc/auth"
+	gomock "github.com/golang/mock/gomock"
+	grpc "google.golang.org/grpc"
+	emptypb "google.golang.org/protobuf/types/known/emptypb"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	reflect "reflect"
+)
+
+// MockAuthServiceClient is a mock of AuthServiceClient interface
+type MockAuthServiceClient struct {
+	ctrl     *gomock.Controller
+	recorder *MockAuthServiceClientMockRecorder
+}
+
+// MockAuthServiceClientMockRecorder is the mock recorder for MockAuthServiceClient
+type MockAuthServiceClientMockRecorder struct {
+	mock *MockAuthServiceClient
+}
+
+// NewMockAuthServiceClient creates a new mock instance
+func NewMockAuthServiceClient(ctrl *gomock.Controller) *MockAuthServiceClient {
+	mock := &MockAuthServiceClient{ctrl: ctrl}
+	mock.recorder = &MockAuthServiceClientMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use
+func (m *MockAuthServiceClient) EXPECT() *MockAuthServiceClientMockRecorder {
+	return m.recorder
+}
+
+// AddMfaOTP mocks base method
+func (m *MockAuthServiceClient) AddMfaOTP(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.MfaOtpResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "AddMfaOTP", varargs...)
+	ret0, _ := ret[0].(*auth.MfaOtpResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// AddMfaOTP indicates an expected call of AddMfaOTP
+func (mr *MockAuthServiceClientMockRecorder) AddMfaOTP(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddMfaOTP", reflect.TypeOf((*MockAuthServiceClient)(nil).AddMfaOTP), varargs...)
+}
+
+// ChangeMyPassword mocks base method
+func (m *MockAuthServiceClient) ChangeMyPassword(arg0 context.Context, arg1 *auth.PasswordChange, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ChangeMyPassword", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ChangeMyPassword indicates an expected call of ChangeMyPassword
+func (mr *MockAuthServiceClientMockRecorder) ChangeMyPassword(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ChangeMyPassword", reflect.TypeOf((*MockAuthServiceClient)(nil).ChangeMyPassword), varargs...)
+}
+
+// ChangeMyUserEmail mocks base method
+func (m *MockAuthServiceClient) ChangeMyUserEmail(arg0 context.Context, arg1 *auth.UpdateUserEmailRequest, arg2 ...grpc.CallOption) (*auth.UserEmail, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ChangeMyUserEmail", varargs...)
+	ret0, _ := ret[0].(*auth.UserEmail)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ChangeMyUserEmail indicates an expected call of ChangeMyUserEmail
+func (mr *MockAuthServiceClientMockRecorder) ChangeMyUserEmail(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ChangeMyUserEmail", reflect.TypeOf((*MockAuthServiceClient)(nil).ChangeMyUserEmail), varargs...)
+}
+
+// ChangeMyUserPhone mocks base method
+func (m *MockAuthServiceClient) ChangeMyUserPhone(arg0 context.Context, arg1 *auth.UpdateUserPhoneRequest, arg2 ...grpc.CallOption) (*auth.UserPhone, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ChangeMyUserPhone", varargs...)
+	ret0, _ := ret[0].(*auth.UserPhone)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ChangeMyUserPhone indicates an expected call of ChangeMyUserPhone
+func (mr *MockAuthServiceClientMockRecorder) ChangeMyUserPhone(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ChangeMyUserPhone", reflect.TypeOf((*MockAuthServiceClient)(nil).ChangeMyUserPhone), varargs...)
+}
+
+// GetMyMfas mocks base method
+func (m *MockAuthServiceClient) GetMyMfas(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.MultiFactors, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyMfas", varargs...)
+	ret0, _ := ret[0].(*auth.MultiFactors)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyMfas indicates an expected call of GetMyMfas
+func (mr *MockAuthServiceClientMockRecorder) GetMyMfas(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyMfas", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyMfas), varargs...)
+}
+
+// GetMyPasswordComplexityPolicy mocks base method
+func (m *MockAuthServiceClient) GetMyPasswordComplexityPolicy(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.PasswordComplexityPolicy, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyPasswordComplexityPolicy", varargs...)
+	ret0, _ := ret[0].(*auth.PasswordComplexityPolicy)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyPasswordComplexityPolicy indicates an expected call of GetMyPasswordComplexityPolicy
+func (mr *MockAuthServiceClientMockRecorder) GetMyPasswordComplexityPolicy(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyPasswordComplexityPolicy", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyPasswordComplexityPolicy), varargs...)
+}
+
+// GetMyProjectPermissions mocks base method
+func (m *MockAuthServiceClient) GetMyProjectPermissions(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.MyPermissions, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyProjectPermissions", varargs...)
+	ret0, _ := ret[0].(*auth.MyPermissions)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyProjectPermissions indicates an expected call of GetMyProjectPermissions
+func (mr *MockAuthServiceClientMockRecorder) GetMyProjectPermissions(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyProjectPermissions", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyProjectPermissions), varargs...)
+}
+
+// GetMyUser mocks base method
+func (m *MockAuthServiceClient) GetMyUser(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUser", varargs...)
+	ret0, _ := ret[0].(*auth.UserView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUser indicates an expected call of GetMyUser
+func (mr *MockAuthServiceClientMockRecorder) GetMyUser(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUser", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUser), varargs...)
+}
+
+// GetMyUserAddress mocks base method
+func (m *MockAuthServiceClient) GetMyUserAddress(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserAddressView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserAddress", varargs...)
+	ret0, _ := ret[0].(*auth.UserAddressView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserAddress indicates an expected call of GetMyUserAddress
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserAddress(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserAddress", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserAddress), varargs...)
+}
+
+// GetMyUserChanges mocks base method
+func (m *MockAuthServiceClient) GetMyUserChanges(arg0 context.Context, arg1 *auth.ChangesRequest, arg2 ...grpc.CallOption) (*auth.Changes, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserChanges", varargs...)
+	ret0, _ := ret[0].(*auth.Changes)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserChanges indicates an expected call of GetMyUserChanges
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserChanges(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserChanges", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserChanges), varargs...)
+}
+
+// GetMyUserEmail mocks base method
+func (m *MockAuthServiceClient) GetMyUserEmail(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserEmailView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserEmail", varargs...)
+	ret0, _ := ret[0].(*auth.UserEmailView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserEmail indicates an expected call of GetMyUserEmail
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserEmail(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserEmail", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserEmail), varargs...)
+}
+
+// GetMyUserPhone mocks base method
+func (m *MockAuthServiceClient) GetMyUserPhone(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserPhoneView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserPhone", varargs...)
+	ret0, _ := ret[0].(*auth.UserPhoneView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserPhone indicates an expected call of GetMyUserPhone
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserPhone(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserPhone", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserPhone), varargs...)
+}
+
+// GetMyUserProfile mocks base method
+func (m *MockAuthServiceClient) GetMyUserProfile(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserProfileView, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserProfile", varargs...)
+	ret0, _ := ret[0].(*auth.UserProfileView)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserProfile indicates an expected call of GetMyUserProfile
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserProfile(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserProfile", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserProfile), varargs...)
+}
+
+// GetMyUserSessions mocks base method
+func (m *MockAuthServiceClient) GetMyUserSessions(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.UserSessionViews, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyUserSessions", varargs...)
+	ret0, _ := ret[0].(*auth.UserSessionViews)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyUserSessions indicates an expected call of GetMyUserSessions
+func (mr *MockAuthServiceClientMockRecorder) GetMyUserSessions(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyUserSessions", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyUserSessions), varargs...)
+}
+
+// GetMyZitadelPermissions mocks base method
+func (m *MockAuthServiceClient) GetMyZitadelPermissions(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*auth.MyPermissions, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "GetMyZitadelPermissions", varargs...)
+	ret0, _ := ret[0].(*auth.MyPermissions)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetMyZitadelPermissions indicates an expected call of GetMyZitadelPermissions
+func (mr *MockAuthServiceClientMockRecorder) GetMyZitadelPermissions(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetMyZitadelPermissions", reflect.TypeOf((*MockAuthServiceClient)(nil).GetMyZitadelPermissions), varargs...)
+}
+
+// Healthz mocks base method
+func (m *MockAuthServiceClient) Healthz(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Healthz", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Healthz indicates an expected call of Healthz
+func (mr *MockAuthServiceClientMockRecorder) Healthz(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Healthz", reflect.TypeOf((*MockAuthServiceClient)(nil).Healthz), varargs...)
+}
+
+// Ready mocks base method
+func (m *MockAuthServiceClient) Ready(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Ready", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Ready indicates an expected call of Ready
+func (mr *MockAuthServiceClientMockRecorder) Ready(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ready", reflect.TypeOf((*MockAuthServiceClient)(nil).Ready), varargs...)
+}
+
+// RemoveMfaOTP mocks base method
+func (m *MockAuthServiceClient) RemoveMfaOTP(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "RemoveMfaOTP", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// RemoveMfaOTP indicates an expected call of RemoveMfaOTP
+func (mr *MockAuthServiceClientMockRecorder) RemoveMfaOTP(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveMfaOTP", reflect.TypeOf((*MockAuthServiceClient)(nil).RemoveMfaOTP), varargs...)
+}
+
+// RemoveMyUserPhone mocks base method
+func (m *MockAuthServiceClient) RemoveMyUserPhone(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "RemoveMyUserPhone", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// RemoveMyUserPhone indicates an expected call of RemoveMyUserPhone
+func (mr *MockAuthServiceClientMockRecorder) RemoveMyUserPhone(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemoveMyUserPhone", reflect.TypeOf((*MockAuthServiceClient)(nil).RemoveMyUserPhone), varargs...)
+}
+
+// ResendMyEmailVerificationMail mocks base method
+func (m *MockAuthServiceClient) ResendMyEmailVerificationMail(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ResendMyEmailVerificationMail", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ResendMyEmailVerificationMail indicates an expected call of ResendMyEmailVerificationMail
+func (mr *MockAuthServiceClientMockRecorder) ResendMyEmailVerificationMail(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ResendMyEmailVerificationMail", reflect.TypeOf((*MockAuthServiceClient)(nil).ResendMyEmailVerificationMail), varargs...)
+}
+
+// ResendMyPhoneVerificationCode mocks base method
+func (m *MockAuthServiceClient) ResendMyPhoneVerificationCode(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "ResendMyPhoneVerificationCode", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ResendMyPhoneVerificationCode indicates an expected call of ResendMyPhoneVerificationCode
+func (mr *MockAuthServiceClientMockRecorder) ResendMyPhoneVerificationCode(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ResendMyPhoneVerificationCode", reflect.TypeOf((*MockAuthServiceClient)(nil).ResendMyPhoneVerificationCode), varargs...)
+}
+
+// SearchMyProjectOrgs mocks base method
+func (m *MockAuthServiceClient) SearchMyProjectOrgs(arg0 context.Context, arg1 *auth.MyProjectOrgSearchRequest, arg2 ...grpc.CallOption) (*auth.MyProjectOrgSearchResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "SearchMyProjectOrgs", varargs...)
+	ret0, _ := ret[0].(*auth.MyProjectOrgSearchResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SearchMyProjectOrgs indicates an expected call of SearchMyProjectOrgs
+func (mr *MockAuthServiceClientMockRecorder) SearchMyProjectOrgs(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchMyProjectOrgs", reflect.TypeOf((*MockAuthServiceClient)(nil).SearchMyProjectOrgs), varargs...)
+}
+
+// SearchMyUserGrant mocks base method
+func (m *MockAuthServiceClient) SearchMyUserGrant(arg0 context.Context, arg1 *auth.UserGrantSearchRequest, arg2 ...grpc.CallOption) (*auth.UserGrantSearchResponse, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "SearchMyUserGrant", varargs...)
+	ret0, _ := ret[0].(*auth.UserGrantSearchResponse)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// SearchMyUserGrant indicates an expected call of SearchMyUserGrant
+func (mr *MockAuthServiceClientMockRecorder) SearchMyUserGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SearchMyUserGrant", reflect.TypeOf((*MockAuthServiceClient)(nil).SearchMyUserGrant), varargs...)
+}
+
+// UpdateMyUserAddress mocks base method
+func (m *MockAuthServiceClient) UpdateMyUserAddress(arg0 context.Context, arg1 *auth.UpdateUserAddressRequest, arg2 ...grpc.CallOption) (*auth.UserAddress, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "UpdateMyUserAddress", varargs...)
+	ret0, _ := ret[0].(*auth.UserAddress)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// UpdateMyUserAddress indicates an expected call of UpdateMyUserAddress
+func (mr *MockAuthServiceClientMockRecorder) UpdateMyUserAddress(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateMyUserAddress", reflect.TypeOf((*MockAuthServiceClient)(nil).UpdateMyUserAddress), varargs...)
+}
+
+// UpdateMyUserProfile mocks base method
+func (m *MockAuthServiceClient) UpdateMyUserProfile(arg0 context.Context, arg1 *auth.UpdateUserProfileRequest, arg2 ...grpc.CallOption) (*auth.UserProfile, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "UpdateMyUserProfile", varargs...)
+	ret0, _ := ret[0].(*auth.UserProfile)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// UpdateMyUserProfile indicates an expected call of UpdateMyUserProfile
+func (mr *MockAuthServiceClientMockRecorder) UpdateMyUserProfile(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateMyUserProfile", reflect.TypeOf((*MockAuthServiceClient)(nil).UpdateMyUserProfile), varargs...)
+}
+
+// Validate mocks base method
+func (m *MockAuthServiceClient) Validate(arg0 context.Context, arg1 *emptypb.Empty, arg2 ...grpc.CallOption) (*structpb.Struct, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "Validate", varargs...)
+	ret0, _ := ret[0].(*structpb.Struct)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Validate indicates an expected call of Validate
+func (mr *MockAuthServiceClientMockRecorder) Validate(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Validate", reflect.TypeOf((*MockAuthServiceClient)(nil).Validate), varargs...)
+}
+
+// VerifyMfaOTP mocks base method
+func (m *MockAuthServiceClient) VerifyMfaOTP(arg0 context.Context, arg1 *auth.VerifyMfaOtp, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "VerifyMfaOTP", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// VerifyMfaOTP indicates an expected call of VerifyMfaOTP
+func (mr *MockAuthServiceClientMockRecorder) VerifyMfaOTP(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "VerifyMfaOTP", reflect.TypeOf((*MockAuthServiceClient)(nil).VerifyMfaOTP), varargs...)
+}
+
+// VerifyMyUserEmail mocks base method
+func (m *MockAuthServiceClient) VerifyMyUserEmail(arg0 context.Context, arg1 *auth.VerifyMyUserEmailRequest, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "VerifyMyUserEmail", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// VerifyMyUserEmail indicates an expected call of VerifyMyUserEmail
+func (mr *MockAuthServiceClientMockRecorder) VerifyMyUserEmail(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "VerifyMyUserEmail", reflect.TypeOf((*MockAuthServiceClient)(nil).VerifyMyUserEmail), varargs...)
+}
+
+// VerifyMyUserPhone mocks base method
+func (m *MockAuthServiceClient) VerifyMyUserPhone(arg0 context.Context, arg1 *auth.VerifyUserPhoneRequest, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
+	m.ctrl.T.Helper()
+	varargs := []interface{}{arg0, arg1}
+	for _, a := range arg2 {
+		varargs = append(varargs, a)
+	}
+	ret := m.ctrl.Call(m, "VerifyMyUserPhone", varargs...)
+	ret0, _ := ret[0].(*emptypb.Empty)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// VerifyMyUserPhone indicates an expected call of VerifyMyUserPhone
+func (mr *MockAuthServiceClientMockRecorder) VerifyMyUserPhone(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	varargs := append([]interface{}{arg0, arg1}, arg2...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "VerifyMyUserPhone", reflect.TypeOf((*MockAuthServiceClient)(nil).VerifyMyUserPhone), varargs...)
+}
--- a/pkg/grpc/auth/proto/auth.proto
+++ b/pkg/grpc/auth/proto/auth.proto
@@ -0,0 +1,691 @@
+syntax = "proto3";
+
+import "google/api/annotations.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
+import "validate/validate.proto";
+import "protoc-gen-swagger/options/annotations.proto";
+import "authoption/options.proto";
+import "proto/message.proto";
+
+package caos.zitadel.auth.api.v1;
+
+option go_package = "github.com/caos/zitadel/pkg/grpc/auth";
+
+option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
+  info: {
+    title: "Auth API";
+    version: "0.1";
+    contact:{
+      url: "https://github.com/caos/zitadel/pkg/auth"
+    };
+  };
+
+  schemes: HTTPS;
+
+  consumes: "application/json";
+  consumes: "application/grpc";
+
+  produces: "application/json";
+  produces: "application/grpc";
+};
+
+service AuthService {
+  // Readiness
+  rpc Healthz(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      get: "/healthz"
+    };
+  }
+
+  rpc Ready(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      get: "/ready"
+    };
+  }
+
+  rpc Validate(google.protobuf.Empty) returns (google.protobuf.Struct) {
+    option (google.api.http) = {
+      get: "/validate"
+    };
+  }
+
+  // Authorization
+  rpc GetMyUserSessions(google.protobuf.Empty) returns (UserSessionViews) {
+    option (google.api.http) = {
+      get: "/me/usersessions"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  //User
+  rpc GetMyUser(google.protobuf.Empty) returns (UserView) {
+    option (google.api.http) = {
+      get: "/users/me"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyUserProfile(google.protobuf.Empty) returns (UserProfileView) {
+    option (google.api.http) = {
+      get: "/users/me/profile"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc UpdateMyUserProfile(UpdateUserProfileRequest) returns (UserProfile) {
+    option (google.api.http) = {
+      put: "/users/me/profile"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyUserEmail(google.protobuf.Empty) returns (UserEmailView) {
+    option (google.api.http) = {
+      get: "/users/me/email"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc ChangeMyUserEmail(UpdateUserEmailRequest) returns (UserEmail) {
+    option (google.api.http) = {
+      put: "/users/me/email"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc VerifyMyUserEmail(VerifyMyUserEmailRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      post: "/users/me/email/_verify"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc ResendMyEmailVerificationMail(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      post: "/users/me/email/_resendverification"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyUserPhone(google.protobuf.Empty) returns (UserPhoneView) {
+    option (google.api.http) = {
+      get: "/users/me/phone"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc ChangeMyUserPhone(UpdateUserPhoneRequest) returns (UserPhone) {
+    option (google.api.http) = {
+      put: "/users/me/phone"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc RemoveMyUserPhone(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/users/me/phone"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc VerifyMyUserPhone(VerifyUserPhoneRequest) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      post: "/users/me/phone/_verify"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc ResendMyPhoneVerificationCode(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      post: "/users/me/phone/_resendverification"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyUserAddress(google.protobuf.Empty) returns (UserAddressView) {
+    option (google.api.http) = {
+      get: "/users/me/address"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyUserChanges(ChangesRequest) returns (Changes) {
+    option (google.api.http) = {
+      get: "/users/me/changes"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc UpdateMyUserAddress(UpdateUserAddressRequest) returns (UserAddress) {
+    option (google.api.http) = {
+      put: "/users/me/address"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyMfas(google.protobuf.Empty) returns (MultiFactors) {
+    option (google.api.http) = {
+      get: "/users/me/mfas"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+  //Password
+  rpc ChangeMyPassword(PasswordChange) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      put: "/users/me/passwords/_change"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyPasswordComplexityPolicy(google.protobuf.Empty) returns (PasswordComplexityPolicy) {
+    option (google.api.http) = {
+            get: "/policies/passwords/complexity"
+        };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+            permission: "authenticated"
+        };
+  }
+
+  // MFA
+  rpc AddMfaOTP(google.protobuf.Empty) returns (MfaOtpResponse) {
+    option (google.api.http) = {
+      post: "/users/me/mfa/otp"
+      body: "*"
+    };
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc VerifyMfaOTP(VerifyMfaOtp) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      put: "/users/me/mfa/otp/_verify"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc RemoveMfaOTP(google.protobuf.Empty) returns (google.protobuf.Empty) {
+    option (google.api.http) = {
+      delete: "/users/me/mfa/otp"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc SearchMyUserGrant(UserGrantSearchRequest) returns (UserGrantSearchResponse) {
+    option (google.api.http) = {
+      post: "/usergrants/me/_search"
+      body: "*"
+    };
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc SearchMyProjectOrgs(MyProjectOrgSearchRequest) returns (MyProjectOrgSearchResponse) {
+    option (google.api.http) = {
+      post: "/global/projectorgs/_search"
+      body: "*"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  //Permission
+  rpc GetMyZitadelPermissions(google.protobuf.Empty) returns (MyPermissions) {
+    option (google.api.http) = {
+      get: "/permissions/zitadel/me"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+
+  rpc GetMyProjectPermissions(google.protobuf.Empty) returns (MyPermissions) {
+    option (google.api.http) = {
+      get: "/permissions/me"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
+}
+
+message UserSessionViews {
+  repeated UserSessionView user_sessions = 1;
+}
+message UserSessionView {
+  string id = 1;
+  string agent_id = 2;
+  UserSessionState auth_state = 3;
+  string user_id = 4;
+  string user_name = 5;
+  uint64 sequence = 6;
+  string login_name = 7;
+  string display_name = 8;
+}
+
+enum UserSessionState {
+  USERSESSIONSTATE_UNSPECIFIED = 0;
+  USERSESSIONSTATE_ACTIVE = 1;
+  USERSESSIONSTATE_TERMINATED = 2;
+}
+
+enum OIDCResponseType {
+  OIDCRESPONSETYPE_CODE = 0;
+  OIDCRESPONSETYPE_ID_TOKEN = 1;
+  OIDCRESPONSETYPE_ID_TOKEN_TOKEN = 2;
+}
+
+message UserView {
+  string id = 1;
+  UserState state = 2;
+  google.protobuf.Timestamp creation_date = 3;
+  google.protobuf.Timestamp change_date = 4;
+  google.protobuf.Timestamp last_login = 5;
+  google.protobuf.Timestamp password_changed = 6;
+  string user_name = 7;
+  string first_name = 8;
+  string last_name = 9;
+  string display_name = 10;
+  string nick_name = 11;
+  string preferred_language = 12;
+  Gender gender = 13;
+  string email = 14;
+  bool is_email_verified = 15;
+  string phone = 16;
+  bool is_phone_verified = 17;
+  string country = 18;
+  string locality = 19;
+  string postal_code = 20;
+  string region = 21;
+  string street_address = 22;
+  uint64 sequence = 23;
+  string resource_owner = 24;
+  repeated string login_names = 25;
+  string preferred_login_name = 26;
+}
+
+enum UserState {
+  USERSTATE_UNSPECIFIED = 0;
+  USERSTATE_ACTIVE = 1;
+  USERSTATE_INACTIVE = 2;
+  USERSTATE_DELETED = 3;
+  USERSTATE_LOCKED = 4;
+  USERSTATE_SUSPEND = 5;
+  USERSTATE_INITIAL = 6;
+}
+
+enum Gender {
+  GENDER_UNSPECIFIED = 0;
+  GENDER_FEMALE = 1;
+  GENDER_MALE = 2;
+  GENDER_DIVERSE = 3;
+}
+
+message UserProfile {
+  string id = 1;
+  string user_name = 2;
+  string first_name = 3;
+  string last_name = 4;
+  string nick_name = 5;
+  string display_name = 6;
+  string preferred_language = 7;
+  Gender gender = 8;
+  uint64 sequence = 9;
+  google.protobuf.Timestamp creation_date = 10;
+  google.protobuf.Timestamp change_date = 11;
+}
+
+message UserProfileView {
+  string id = 1;
+  string user_name = 2;
+  string first_name = 3;
+  string last_name = 4;
+  string nick_name = 5;
+  string display_name = 6;
+  string preferred_language = 7;
+  Gender gender = 8;
+  uint64 sequence = 9;
+  google.protobuf.Timestamp creation_date = 10;
+  google.protobuf.Timestamp change_date = 11;
+  repeated string login_names = 12;
+  string preferred_login_name = 13;
+}
+
+message UpdateUserProfileRequest {
+  string first_name = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  string last_name = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  string nick_name = 3 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  string preferred_language = 4 [(validate.rules).string = {min_len: 1, max_len: 200}];
+  Gender gender = 5;
+}
+
+message UserEmail {
+  string id = 1;
+  string email = 2;
+  bool isEmailVerified = 3;
+  uint64 sequence = 4;
+  google.protobuf.Timestamp creation_date = 5;
+  google.protobuf.Timestamp change_date = 6;
+}
+
+message UserEmailView {
+  string id = 1;
+  string email = 2;
+  bool isEmailVerified = 3;
+  uint64 sequence = 4;
+  google.protobuf.Timestamp creation_date = 5;
+  google.protobuf.Timestamp change_date = 6;
+}
+
+message VerifyMyUserEmailRequest {
+  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message VerifyUserEmailRequest {
+  string id = 1;
+  string code = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message UpdateUserEmailRequest {
+  string email = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message UserPhone {
+  string id = 1;
+  string phone = 2;
+  bool is_phone_verified = 3;
+  uint64 sequence = 4;
+  google.protobuf.Timestamp creation_date = 5;
+  google.protobuf.Timestamp change_date = 6;
+}
+
+message UserPhoneView {
+  string id = 1;
+  string phone = 2;
+  bool is_phone_verified = 3;
+  uint64 sequence = 4;
+  google.protobuf.Timestamp creation_date = 5;
+  google.protobuf.Timestamp change_date = 6;
+}
+
+message UpdateUserPhoneRequest {
+  string phone = 1 [(validate.rules).string = {min_len: 1, max_len: 20}];
+}
+
+message VerifyUserPhoneRequest {
+  string code = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
+}
+
+message UserAddress {
+  string id = 1;
+  string country = 2;
+  string locality = 3;
+  string postal_code = 4;
+  string region = 5;
+  string street_address = 6;
+  uint64 sequence = 7;
+  google.protobuf.Timestamp creation_date = 8;
+  google.protobuf.Timestamp change_date = 9;
+}
+
+message UserAddressView {
+  string id = 1;
+  string country = 2;
+  string locality = 3;
+  string postal_code = 4;
+  string region = 5;
+  string street_address = 6;
+  uint64 sequence = 7;
+  google.protobuf.Timestamp creation_date = 8;
+  google.protobuf.Timestamp change_date = 9;
+}
+
+message UpdateUserAddressRequest {
+  string country = 1 [(validate.rules).string = {max_len: 200}];
+  string locality = 2 [(validate.rules).string = {max_len: 200}];
+  string postal_code = 3 [(validate.rules).string = {max_len: 200}];
+  string region = 4 [(validate.rules).string = {max_len: 200}];
+  string street_address = 5 [(validate.rules).string = {max_len: 200}];
+}
+
+message PasswordID {
+  string id = 1;
+}
+
+message PasswordRequest {
+  string password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
+}
+
+message PasswordChange {
+  string old_password = 1 [(validate.rules).string = {min_len: 1, max_len: 72}];
+  string new_password = 2 [(validate.rules).string = {min_len: 1, max_len: 72}];
+}
+
+enum MfaType {
+  MFATYPE_UNSPECIFIED = 0;
+  MFATYPE_SMS = 1;
+  MFATYPE_OTP = 2;
+}
+
+message VerifyMfaOtp {
+  string code = 1;
+}
+
+message MultiFactors {
+  repeated MultiFactor mfas = 1;
+}
+
+message MultiFactor {
+  MfaType type = 1;
+  MFAState state = 2;
+}
+
+message MfaOtpResponse {
+  string user_id = 1;
+  string url = 2;
+  string secret = 3;
+  MFAState state = 4;
+}
+
+enum MFAState {
+  MFASTATE_UNSPECIFIED = 0;
+  MFASTATE_NOT_READY = 1;
+  MFASTATE_READY = 2;
+  MFASTATE_REMOVED = 3;
+}
+
+message OIDCClientAuth {
+  string client_id = 1;
+  string client_secret = 2;
+}
+
+message UserGrantSearchRequest {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  UserGrantSearchKey sorting_column = 3 [(validate.rules).enum = {not_in: [0]}];;
+  bool asc = 4;
+  repeated UserGrantSearchQuery queries = 5;
+}
+
+message UserGrantSearchQuery {
+  UserGrantSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
+  SearchMethod method = 2;
+  string value = 3;
+}
+
+enum UserGrantSearchKey {
+  UserGrantSearchKey_UNKNOWN = 0;
+  UserGrantSearchKey_ORG_ID = 1;
+  UserGrantSearchKey_PROJECT_ID = 2;
+}
+
+message UserGrantSearchResponse {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  uint64 total_result = 3;
+  repeated UserGrantView result = 4;
+}
+
+message UserGrantView {
+  string OrgId = 1;
+  string ProjectId = 2;
+  string UserId = 3;
+  repeated string Roles = 4;
+  string OrgName = 5;
+}
+
+message MyProjectOrgSearchRequest {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  bool asc = 4;
+  repeated MyProjectOrgSearchQuery queries = 5;
+}
+
+message MyProjectOrgSearchQuery {
+  MyProjectOrgSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];;
+  SearchMethod method = 2;
+  string value = 3;
+}
+
+enum MyProjectOrgSearchKey {
+  MYPROJECTORGSEARCHKEY_UNSPECIFIED = 0;
+  MYPROJECTORGSEARCHKEY_ORG_NAME = 1;
+}
+
+message MyProjectOrgSearchResponse {
+  uint64 offset = 1;
+  uint64 limit = 2;
+  uint64 total_result = 3;
+  repeated Org result = 4;
+}
+
+message Org {
+  string id = 1;
+  string name = 2;
+}
+
+message MyPermissions {
+  repeated string permissions = 1;
+}
+
+enum SearchMethod {
+  SEARCHMETHOD_EQUALS = 0;
+  SEARCHMETHOD_STARTS_WITH = 1;
+  SEARCHMETHOD_CONTAINS = 2;
+  SEARCHMETHOD_EQUALS_IGNORE_CASE = 3;
+  SEARCHMETHOD_STARTS_WITH_IGNORE_CASE = 4;
+  SEARCHMETHOD_CONTAINS_IGNORE_CASE = 5;
+}
+
+message ChangesRequest {
+  uint64 limit= 1;
+  uint64 sequence_offset = 2;
+  bool asc = 3;
+}
+
+message Changes {
+  repeated Change changes = 1;
+  uint64 offset = 2;
+  uint64 limit = 3;
+}
+
+message Change {
+  google.protobuf.Timestamp change_date = 1;
+  caos.zitadel.api.v1.LocalizedMessage event_type = 2;
+  uint64 sequence = 3;
+  string editor_id = 4;
+  string editor = 5;
+  google.protobuf.Struct data = 6;
+}
+
+message PasswordComplexityPolicy {
+  string id = 1;
+  string description = 2;
+  google.protobuf.Timestamp creation_date = 3;
+  google.protobuf.Timestamp change_date = 4;
+  uint64 min_length = 5;
+  bool has_lowercase = 6;
+  bool has_uppercase = 7;
+  bool has_number = 8;
+  bool has_symbol = 9;
+  uint64 sequence = 10;
+  bool is_default = 11;
+}
--- a/pkg/grpc/auth/proto/generate.go
+++ b/pkg/grpc/auth/proto/generate.go
@@ -0,0 +1,4 @@
+package proto
+
+//go:generate protoc -I${GOPATH}/src -I../proto -I${GOPATH}/src/github.com/caos/zitadel/pkg/grpc/message -I${GOPATH}/src/github.com/grpc-ecosystem/grpc-gateway -I${GOPATH}/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis -I${GOPATH}/src/github.com/envoyproxy/protoc-gen-validate -I${GOPATH}/src/github.com/caos/zitadel/internal/protoc/protoc-gen-authoption --go_out=plugins=grpc:${GOPATH}/src --grpc-gateway_out=logtostderr=true:${GOPATH}/src --swagger_out=logtostderr=true:.. --authoption_out=:.. auth.proto
+//go:generate mockgen -package api -destination ../mock/auth.proto.mock.go github.com/caos/zitadel/pkg/grpc/auth AuthServiceClient