TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-06 12:47:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(docs): Migrate from Docusaurus v2 to v3 (#8036)

Browse Source 
Migrate Docs to latest version of Docusaursu (3.3.2 as of time of
writing)

---------

Co-authored-by: Florian Forster <florian@zitadel.com>
This commit is contained in:
Jan-Frederic Schubert 2024-06-20 14:55:03 +02:00 committed by GitHub
parent f9742a58f4
commit 4101e1cd49
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
56 changed files with 6421 additions and 5343 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/docs/apis/openidoauth/claims.md
View File

@ -32,7 +32,7 @@ Please check below the matrix for an overview where which scope is asserted.
| phone_verified | When requested | When requested | When requested and response_type `id_token` | No |
| preferred_username (username when Introspect) | When requested | When requested | Yes | No |
| sub | Yes | Yes | Yes | When JWT |
| urn:zitadel:iam:org:domain:primary:{domainname} | When requested | When requested | When requested | When JWT and requested |
| urn:zitadel:iam:org:domain:primary:\{domainname} | When requested | When requested | When requested | When JWT and requested |
| urn:zitadel:iam:org:project:roles | When requested | When requested | When requested or configured | When JWT and requested or configured |
| urn:zitadel:iam:user:metadata | When requested | When requested | When requested | When JWT and requested |
| urn:zitadel:iam:user:resourceowner:id | When requested | When requested | When requested | When JWT and requested |
@ -101,11 +101,11 @@ ZITADEL reserves some claims to assert certain data. Please check out the [reser
| Claims | Example | Description |
| :------------------------------------------------ | :------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| urn:zitadel:iam:action:{actionname}:log | `{"urn:zitadel:iam:action:appendCustomClaims:log": ["test log", "another test log"]}` | This claim is set during Actions as a log, e.g. if two custom claims with the same keys are set. |
| urn:zitadel:iam:org:domain:primary:{domainname} | `{"urn:zitadel:iam:org:domain:primary": "acme.ch"}` | This claim represents the primary domain of the organization the user belongs to. |
| urn:zitadel:iam:action:\{actionname}:log | `{"urn:zitadel:iam:action:appendCustomClaims:log": ["test log", "another test log"]}` | This claim is set during Actions as a log, e.g. if two custom claims with the same keys are set. |
| urn:zitadel:iam:org:domain:primary:\{domainname} | `{"urn:zitadel:iam:org:domain:primary": "acme.ch"}` | This claim represents the primary domain of the organization the user belongs to. |
| urn:zitadel:iam:org:project:roles | `{"urn:zitadel:iam:org:project:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }` | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role on the current project (where your client belongs to). |
| urn:zitadel:iam:org:project:{projectid}:roles | `{"urn:zitadel:iam:org:project:id3:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }` | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role on a specific project. |
| urn:zitadel:iam:roles:{rolename} | TBA | TBA |
| urn:zitadel:iam:org:project:\{projectid}:roles | `{"urn:zitadel:iam:org:project:id3:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }` | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role on a specific project. |
| urn:zitadel:iam:roles:\{rolename} | TBA | TBA |
| urn:zitadel:iam:user:metadata | `{"urn:zitadel:iam:user:metadata": [ {"key": "VmFsdWU=" } ] }` | The metadata claim will include all metadata of a user. The values are base64 encoded. |
| urn:zitadel:iam:user:resourceowner:id | `{"urn:zitadel:iam:user:resourceowner:id": "orgid"}` | This claim represents the id of the resource owner organisation of the user. |
| urn:zitadel:iam:user:resourceowner:name | `{"urn:zitadel:iam:user:resourceowner:name": "ACME"}` | This claim represents the name of the resource owner organisation of the user. |

16
docs/docs/apis/openidoauth/endpoints.mdx
View File

@ -12,13 +12,13 @@ import TokenExchangeTypes from "./_token_exchange_types.mdx";
## OpenID Connect 1.0 Discovery
The OpenID Connect Discovery Endpoint is located within the issuer domain.
This would give us {your_domain}/.well-known/openid-configuration.
This would give us `{your_domain}/.well-known/openid-configuration`.
**Link to spec.** [OpenID Connect Discovery 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-discovery-1_0.html)
## authorization_endpoint
{your_domain}/oauth/v2/authorize
`{your_domain}/oauth/v2/authorize`
:::note
The authorization_endpoint is located with the login page, due to the need of accessing the same cookie domain
@ -172,7 +172,7 @@ the error will be display directly to the user on the auth server
## token_endpoint
{your_domain}/oauth/v2/token
`{your_domain}/oauth/v2/token`
The token_endpoint will as the name suggests return various tokens (access, id and refresh) depending on the used `grant_type`.
When using [`authorization_code`](#authorization-code-grant-code-exchange) flow call this endpoint after receiving the code from the authorization_endpoint.
@ -471,7 +471,7 @@ Send a `client_assertion` as JWT for us to validate the signature against the re
## introspection_endpoint
{your_domain}/oauth/v2/introspect
`{your_domain}/oauth/v2/introspect`
This endpoint enables clients to validate an `acccess_token`, either opaque or JWT. Unlike client side JWT validation,
this endpoint will check if the token is not revoked (by client or logout).
@ -554,7 +554,7 @@ If the authorization fails, an HTTP 401 with `invalid_client` will be returned.
## userinfo_endpoint
{your_domain}/oidc/v1/userinfo
`{your_domain}/oidc/v1/userinfo`
This endpoint will return information about the authorized user.
@ -577,7 +577,7 @@ If the token is invalid or expired, an HTTP 401 will be returned.
## revocation_endpoint
{your_domain}/oauth/v2/revoke
`{your_domain}/oauth/v2/revoke`
This endpoint enables clients to revoke an `access_token` or `refresh_token` they have been granted.
@ -649,7 +649,7 @@ curl --request POST \
## end_session_endpoint
{your_domain}/oidc/v1/end_session
`{your_domain}/oidc/v1/end_session`
The endpoint has to be opened in the user agent (browser) to terminate the user sessions.
@ -667,7 +667,7 @@ If both parameters are provided, they must be equal.
## jwks_uri
{your_domain}/oauth/v2/keys
`{your_domain}/oauth/v2/keys`
The endpoint returns a JSON Web Key Set (JWKS) containing the public keys that can be used to locally validate JWTs you received from ZITADEL.
The alternative would be to validate tokens with the [introspection endpoint](#introspection_endpoint).

56
docs/docs/apis/v3.mdx
View File

@ -134,21 +134,21 @@ Additional to the standard CRUD methods:
- ListAvailableExecutionMethods
- ListAvailableExecutionFunctions
<details><summary>action_service.proto</summary>
\<details><summary>action_service.proto</summary>
<CodeBlock language="protobuf">{ActionServiceProto}</CodeBlock>
</details>
\</details>
<details><summary>action_target.proto</summary>
\<details><summary>action_target.proto</summary>
<CodeBlock language="protobuf">{ActionTargetProto}</CodeBlock>
</details>
\</details>
<details><summary>action_execution.proto</summary>
\<details><summary>action_execution.proto</summary>
<CodeBlock language="protobuf">{ActionExecutionProto}</CodeBlock>
</details>
\</details>
<details><summary>action_query.proto</summary>
\<details><summary>action_query.proto</summary>
<CodeBlock language="protobuf">{ActionSearchProto}</CodeBlock>
</details>
\</details>
### ZITADELUsers
@ -163,29 +163,29 @@ Standard CRUD methods
- Standard CRUD and methods for all IDPs
- Resources have additional properties for reusability capabilities.
<details><summary>idp_service.proto</summary>
\<details><summary>idp_service.proto</summary>
<CodeBlock language="protobuf">{IDPServiceProto}</CodeBlock>
</details>
\</details>
<details><summary>idp.proto</summary>
\<details><summary>idp.proto</summary>
<CodeBlock language="protobuf">{IDPProto}</CodeBlock>
</details>
\</details>
<details><summary>idp_search.proto</summary>
\<details><summary>idp_search.proto</summary>
<CodeBlock language="protobuf">{IDPSearchProto}</CodeBlock>
</details>
\</details>
<details><summary>idp_gitlab.proto</summary>
\<details><summary>idp_gitlab.proto</summary>
<CodeBlock language="protobuf">{IDPGitLabProto}</CodeBlock>
</details>
\</details>
<details><summary>object.proto</summary>
\<details><summary>object.proto</summary>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
</details>
\</details>
<details><summary>resource_object.proto</summary>
\<details><summary>resource_object.proto</summary>
<CodeBlock language="protobuf">{ResourceObjectProto}</CodeBlock>
</details>
\</details>
### ZITADELInstances
@ -265,21 +265,21 @@ For a full proto example, have a look at the [ZITADELLanguageSettings service](#
Default language, restricted languages, supported languages
<details><summary>language_service.proto</summary>
\<details><summary>language_service.proto</summary>
<CodeBlock language="protobuf">{LanguageServiceProto}</CodeBlock>
</details>
\</details>
<details><summary>language.proto</summary>
\<details><summary>language.proto</summary>
<CodeBlock language="protobuf">{LanguageProto}</CodeBlock>
</details>
\</details>
<details><summary>object.proto</summary>
\<details><summary>object.proto</summary>
<CodeBlock language="protobuf">{ObjectProto}</CodeBlock>
</details>
\</details>
<details><summary>settings_object.proto</summary>
\<details><summary>settings_object.proto</summary>
<CodeBlock language="protobuf">{SettingsObjectProto}</CodeBlock>
</details>
\</details>
### ZITADELTextSettings

2
docs/docs/concepts/features/audit-trail.md
View File

@ -45,7 +45,7 @@ Go to your instance settings and then click on the Tab **Events** to open the Ev
Since everything that is available in Console can also be called with our APIs, you can access all events and audit data trough our APIs:
- [Event API Guide](/docs/guides/integrate/zitadel-apis/event-api)
- [API Documentation](/docs/category/apis/resources/admin/events)
- [API Documentation](/docs/apis/resources/admin/events)
Access to the API is possible with a [Service User](/docs/guides/integrate/service-users/authenticate-service-users) account, allowing you to integrate the events with your own business logic.

2
docs/docs/concepts/features/external-user-grant.md
View File

@ -35,6 +35,6 @@ In some use cases, external user grants are a simple way to allow users access t
## References
* [API reference for user grants](/docs/category/apis/resources/mgmt/user-grants)
* [API reference for user grants](/docs/apis/resources/mgmt/user-grants)
* [How to manage user grants through ZITADEL's console](/docs/guides/manage/console/roles#authorizations)
* [More about multi-tenancy with ZITADEL](https://zitadel.com/blog/multi-tenancy-with-organizations)

2
docs/docs/concepts/features/identity-brokering.md
View File

@ -75,4 +75,4 @@ To address this, ZITADEL provides generic templates that enable connection to vi
* [Detailed integration guide for many identity providers](/guides/integrate/identity-providers/introduction)
* [Setup identity providers with Console](/guides/manage/console/default-settings#identity-providers)
* [Configure identity providers with the ZITADEL API](/docs/category/apis/resources/mgmt/identity-providers)
* [Configure identity providers with the ZITADEL API](/docs/apis/resources/mgmt/identity-providers)

2
docs/docs/concepts/structure/applications.md
View File

@ -25,4 +25,4 @@ Ensure the configuration of application settings is limited to authorized users
## References
- [Configure Applications in the Console](../../guides/manage/console/applications)
- [ZITADEL API: Applications](/docs/category/apis/resources/mgmt/applications)
- [ZITADEL API: Applications](/docs/apis/resources/mgmt/applications)

2
docs/docs/concepts/structure/users.md
View File

@ -78,5 +78,5 @@ You can use organization metadata or your own business logic to describe a hiera
## References
- [Manage users in the Console](../../guides/manage/console/users)
- [ZITADEL APIs: Users](/docs/category/apis/resources/mgmt/users)
- [ZITADEL APIs: Users](/docs/apis/resources/mgmt/users)
- [User onboarding and registration](/docs/guides/integrate/onboarding)

2
docs/docs/examples/identity-proxy/oauth2-proxy.md
View File

@ -21,7 +21,7 @@ We recommend that you use [Authorization Code](/apis/openidoauth/grant-types#aut
A redirect URL is a URL in your application where ZITADEL redirects the user after they have authenticated. Set your url to the domain the proxy will be deployed to or use the default one `http://127.0.0.1:4180/oauth2/callback`.
> If you are following along with the sample project you downloaded from our templates, you should set the Allowed Callback URL to <http://localhost:4200/auth/callback>. You will also have to set dev mode to `true` as this will enable unsecure http for the moment.
> If you are following along with the sample project you downloaded from our templates, you should set the Allowed Callback URL to `http://localhost:4200/auth/callback`. You will also have to set dev mode to `true` as this will enable unsecure http for the moment.
If you want to redirect the users back to a route on your application after they have logged out, add an optional redirect in the post redirectURI field.

2
docs/docs/examples/login/angular.md
View File

@ -25,7 +25,7 @@ We recommend that you use [Proof Key for Code Exchange (PKCE)](/apis/openidoauth
The Redirect URIs field tells ZITADEL where it's allowed to redirect users after authentication. For development, you can set dev mode to `true` to enable insecure HTTP and redirect to a `localhost` URI.
The Post-logout redirect send the users back to a route on your application after they have logged out.
> If you are following along with the [example](https://github.com/zitadel/zitadel-angular), set the dev mode to `true`, the Redirect URIs to <http://localhost:4200/auth/callback> and Post redirect URI to <http://localhost:4200/signedout>.
> If you are following along with the [example](https://github.com/zitadel/zitadel-angular), set the dev mode to `true`, the Redirect URIs to `http://localhost:4200/auth/callback` and Post redirect URI to `http://localhost:4200/signedout`.
Continue and create the application.

2
docs/docs/examples/login/go.md
View File

@ -28,7 +28,7 @@ We recommend that you use [Proof Key for Code Exchange (PKCE)](/apis/openidoauth
The Redirect URIs field tells ZITADEL where it's allowed to redirect users after authentication. For development, you can set dev mode to `true` to enable insecure HTTP and redirect to a `localhost` URI.
The Post-logout redirect send the users back to a route on your application after they have logged out.
> If you are following along with the [example](https://github.com/zitadel/zitadel-go), set the dev mode to `true`, the Redirect URIs to <http://localhost:8089/auth/callback> and Post-logout redirect URI to <http://localhost:8089/>.
> If you are following along with the [example](https://github.com/zitadel/zitadel-go), set the dev mode to `true`, the Redirect URIs to `http://localhost:8089/auth/callback` and Post-logout redirect URI to [http://localhost:8089/](http://localhost:8089/)>.
![Create app in console - set redirectURI](/img/go/app-create-redirect.png)

2
docs/docs/examples/login/java-spring.md
View File

@ -162,7 +162,7 @@ java \
-jar web/target/web-0.0.2-SNAPSHOT.jar
```
If you then visit on <http://localhost:18080/webapp> you should directly be redirected to your ZITADEL instance.
If you then visit on [http://localhost:18080/webapp](http://localhost:18080/webapp) you should directly be redirected to your ZITADEL instance.
After login with your existing user you will be presented the profile page:
![Profile Page](/img/java-spring/app-profile.png)

2
docs/docs/examples/login/nextjs-b2b.md
View File

@ -22,7 +22,7 @@ First we need to create an organization that holds the Vendor's users, projects
### Vendor Organization
Navigate to `https://{YourDomain}.zitadel.cloud/ui/console/orgs` (replace {YourDomain}), and click on the button "New".
Navigate to `https://{YourDomain}.zitadel.cloud/ui/console/orgs` (replace \{YourDomain}), and click on the button "New".
Toggle the setting "Use your personal account as organization owner".
Enter the name `Demo-Vendor`, and click "Create". Then click on that organization.

2
docs/docs/examples/login/nextjs.md
View File

@ -41,7 +41,7 @@ Select `CODE` in the next step. This makes sure you still get a secret. Note tha
With the Redirect URIs field, you tell ZITADEL where it is allowed to redirect users to after authentication. For development, you can set dev mode to `true` to enable insecure HTTP and redirect to a `localhost` URI.
> If you are following along with the [example](https://github.com/zitadel/zitadel-angular), set dev mode to `true` and the Redirect URIs to <http://localhost:3000/api/auth/callback/zitadel>.
> If you are following along with the [example](https://github.com/zitadel/zitadel-angular), set dev mode to `true` and the Redirect URIs to `http://localhost:3000/api/auth/callback/zitadel`.
If you want to redirect the users back to a route on your application after they have logged out, add an optional redirect in the Post Logout URIs field.

2
docs/docs/examples/login/symfony.md
View File

@ -18,7 +18,7 @@ Before we can start building our application, we have to do a few configuration
### Project roles
The Example expects [user roles](guides/integrate/retrieve-user-roles) to be returned after login.
The Example expects [user roles](/docs/guides/integrate/retrieve-user-roles) to be returned after login.
Symfony uses `ROLE_USER` format.
The application will take care of upper-casing and prefixing for us.
Inside ZITADEL, you can use regular lower-case role names without prefixes, if you prefer.

4
docs/docs/guides/integrate/identity-providers/introduction.md
View File

@ -177,5 +177,5 @@ Deciding whether to configure an external Identity Provider (IdP) at the organiz
## References
- [Identity brokering in ZITADEL](/docs/concepts/features/identity-brokering)
- [The ZITADEL API reference for managing external IdPs](/docs/category/apis/resources/admin/identity-providers)
- [Handle external logins in a custom login UI](/docs/guides/integrate/login-ui/external-login)
- [The ZITADEL API reference for managing external IdPs](/docs/apis/resources/admin/identity-providers)
- [Handle external logins in a custom login UI](/docs/guides/integrate/login-ui/external-login)

2
docs/docs/guides/integrate/identity-providers/keycloak.mdx
View File

@ -26,7 +26,7 @@ You will have to paste it in the Keycloak Client later.
### Register a new client
1. Login to your Keycloak account and go to the clients list: <$KEYCLOAK-DOMAIN/auth/admin/$REALM/console/#/$REALM/clients>
1. Login to your Keycloak account and go to the clients list: `$KEYCLOAK-DOMAIN/auth/admin/$REALM/console/#/$REALM/clients`
2. Click on "Create Client"
3. Choose OpenID Connect as Client Type and give your client an ID
4. Enable Client authentication and the standard flow and direct access grants as authentication flow

2
docs/docs/guides/integrate/identity-providers/linkedin_oauth.mdx
View File

@ -23,7 +23,7 @@ import TestSetup from './_test_setup.mdx';
2. Add your App Name, your Company Page and a Logo
3. Add "Sign In with LinkedIn using OpenID Connect" by clicking "Request access"
4. Go to the Auth Settings of the App and add the following URL to the "Authorized redirect URLs"
- {your-domain}/ui/login/login/externalidp/callback
- `{your_domain}/ui/login/login/externalidp/callback`
- Example redirect url for the domain `https://acme.zitadel.cloud` would look like this: `https://acme.zitadel.cloud/ui/login/login/externalidp/callback`
5. Verify the app as your company
6. In the Auth - OAuth 2.0 scopes section you should see `openid`, `profile` and `email` listed

2
docs/docs/guides/integrate/identity-providers/mocksaml.mdx
View File

@ -44,7 +44,7 @@ All the necessary configuration is contained in the metadata which has to be exc
### Download metadata
Normally, you would need to download the ServiceProvider metadata from ZITADEL to upload to the IdentityProvider.
They are available under [https://{CUSTOMDOMAIN}/idps/{ID of the provider in ZITADEL}/saml/metadata], but this step can be skipped due to the fact that MockSAML is only for testing purposes.
They are available under `https://${CUSTOMDOMAIN}/idps/\{ID of the provider in ZITADEL}/saml/metadata`, but this step can be skipped due to the fact that MockSAML is only for testing purposes.
### Activate IdP

3
docs/docs/guides/integrate/identity-providers/okta-oidc.mdx
View File

@ -27,7 +27,7 @@ You will have to paste it in the OKTA application later.
### Register a new client
1. Login to your OKTA Account and go to the applications list: <OKTA-DOMAIN/admin/apps/active>
1. Login to your OKTA Account and go to the applications list: `OKTA-DOMAIN/admin/apps/active^
2. Click on "Create App Integration" and choose "OIDC - OpenID Connect"
3. Choose Web application as Application type and give a name
4. [Paste the ZITADEL Callback URL you copied before](#open-the-generic-oidc-provider-template) to the Sign-in redirect URIs
@ -65,7 +65,6 @@ ZITADEL ensures that at least the `openid`-scope is always sent.
<TestSetup loginscreen="your OKTA login"/>
<!-- TODO: Image highlights Google -->
![OKTA Button](/img/guides/zitadel_login_okta.png)
![OKTA Login](/img/guides/okta_login.png)

2
docs/docs/guides/integrate/identity-providers/okta_saml.mdx
View File

@ -41,7 +41,7 @@ After you created the SAML SP in ZITADEL, you can copy the URLs you need to conf
### Register a new client
1. Log in to your OKTA Account and go to the applications list: <OKTA-DOMAIN/admin/apps/active>
1. Log in to your OKTA Account and go to the applications list: `OKTA-DOMAIN/admin/apps/active`
2. Click on "Create App Integration" and choose "SAML 2.0"
3. Give the application a name
4. Click on the ZITADEL URLs that your SAML IDP shows since you created it in ZITADEL and paste them accordingly:

4
docs/docs/guides/integrate/onboarding/b2b.mdx
View File

@ -26,7 +26,7 @@ ZITADEL does have multiple possibilities to achieve that process.
## Onboard customers through the ZITADEL Management Console
Each ZITADEL instance does automatically bring a management console with it. The [console](/docs/guides/manage/console/overview) can be used to manage all your resources through a UI.
You can access it by calling the following URL: $CUSTOM-DOMAIN/ui/
You can access it by calling the following URL: `${CUSTOM-DOMAIN}/ui/`
Make sure that your admins have a [Manager role](/docs/guides/manage/console/managers) with permissions on an instance level such as "INSTANCE_OWNER"
### Create a customer
@ -139,7 +139,7 @@ If you want to start automating the process of onboarding your customers the fol
### Built-in register organization form
A basic form that allows a customer to enter an organization name and a user account is hosted on the following URL:
{custom-domain}/ui/login/register/org
`{custom-domain}/ui/login/register/org`
When a user registers through this form, an organization and a user are created.
The user will automatically get the role "ORG_OWNER" withing ZITADEL and is able to manage the whole organization.

8
docs/docs/guides/integrate/retrieve-user-roles.md
View File

@ -18,8 +18,8 @@ Follow the links below to assign roles to your users.
- [Add application roles via the ZITADEL Console](/docs/guides/manage/console/roles)
- [Add manager roles via the ZITADEL Console](/docs/guides/manage/console/managers)
- [Add application roles via the ZITADEL Management API](/docs/category/apis/resources/mgmt/project-roles)
- [Add manager roles to users via the ZITADEL Management API](/category/apis/resources/mgmt/members)
- [Add application roles via the ZITADEL Management API](/docs/apis/resources/mgmt/project-roles)
- [Add manager roles to users via the ZITADEL Management API](/docs/apis/resources/mgmt/members)
## Retrieve roles
@ -210,7 +210,7 @@ https://github.com/zitadel/actions/blob/main/examples/custom_roles.js
Now we will use the auth API to retrieve roles from a logged in user using the users token
The base URL is: **https://$ZITADEL_DOMAIN/auth/v1**
Lets start with a user who has multiple roles in different organizations in a multi-tenanted set up. You can use the logged in users token or the machine users token to retrieve the authorizations using the [APIs listed under user authorizations/grants in the auth API](/docs/category/apis/resources/auth/user-authorizations-grants).
Lets start with a user who has multiple roles in different organizations in a multi-tenanted set up. You can use the logged in users token or the machine users token to retrieve the authorizations using the [APIs listed under user authorizations/grants in the auth API](/docs/apis/resources/auth/user-authorizations-grants).
**Scope used:** `openid urn:zitadel:iam:org:project:id:zitadel:aud`
@ -394,7 +394,7 @@ Now we will use the management API to retrieve user roles under an admin user.
The base URL is: **https://$CUSTOM-DOMAIN/management/v1**
In [APIs listed under user grants in the management API](/docs/category/apis/resources/mgmt/user-grants), you will see that you can use the management API to retrieve and modify user grants. The two API paths that we are interested in to fetch user roles are given below.
In [APIs listed under user grants in the management API](/docs/apis/resources/mgmt/user-grants), you will see that you can use the management API to retrieve and modify user grants. The two API paths that we are interested in to fetch user roles are given below.
**Scope used:** `openid urn:zitadel:iam:org:project:id:zitadel:aud`

2
docs/docs/guides/integrate/service-users/authenticate-service-users.md
View File

@ -127,7 +127,7 @@ However, [client credentials authentication](./client-credentials.md) might be c
## Further resources
* Read about the [different methods to authenticate service users](./authenticate-service-users)
* [Service User API reference](/docs/category/apis/resources/mgmt/user-machine)
* [Service User API reference](/docs/apis/resources/mgmt/user-machine)
* [OIDC JWT with private key](/docs/apis/openidoauth/authn-methods#jwt-with-private-key) authentication method reference
* [Access ZITADEL APIs](../zitadel-apis/access-zitadel-apis)
* Validate access tokens with [token introspection with private key jwt](../token-introspection/private-key-jwt.mdx)

2
docs/docs/guides/integrate/service-users/client-credentials.md
View File

@ -100,7 +100,7 @@ By following these steps and adhering to security best practices, you can effect
## Notes
* Read about the [different methods to authenticate service users](./authenticate-service-users)
* [Service User API reference](/docs/category/apis/resources/mgmt/user-machine)
* [Service User API reference](/docs/apis/resources/mgmt/user-machine)
* [OIDC client secret basic](/docs/apis/openidoauth/authn-methods#client-secret-basic) authentication method reference
* [Access ZITADEL APIs](../zitadel-apis/access-zitadel-apis)
* Validate access tokens with [token introspection with basic auth](../token-introspection/basic-auth)

6
docs/docs/guides/integrate/services/atlassian-saml.md
View File

@ -36,9 +36,9 @@ For Identity Provider select "Other provider" and enter a Directory Name.
Follow the wizard.
Fill in the following information:
- `Identity provider Entity ID`: {your_instance_domain}/saml/v2/metadata
- `Identity provider SSO URL`: {your_instance_domain}/saml/v2/SSO
- `Public x509 certificate`: You need to download and paste the value of the certificate from {your_instance_domain}/saml/v2/certificate
- `Identity provider Entity ID`: \{your_instance_domain}/saml/v2/metadata
- `Identity provider SSO URL`: \{your_instance_domain}/saml/v2/SSO
- `Public x509 certificate`: You need to download and paste the value of the certificate from \{your_instance_domain}/saml/v2/certificate
![Add SAML details](/img/saml/atlassian/atlassian-03.png)

2
docs/docs/guides/integrate/services/auth0-saml.md
View File

@ -42,7 +42,7 @@ This includes:
All the information is filled out as an example, and to connect with any other environment you only have to change the
used domain, for example "example.com" with "zitadel.cloud".
Lastly, upload the certificate used to sign the reponses, provided for you under the
URL {your_instance_domain}/saml/v2/certificate.
URL \{your_instance_domain}/saml/v2/certificate.
Then just press the button "Create" and the connection on Auth0 is configured.

2
docs/docs/guides/integrate/services/aws-saml.md
View File

@ -45,7 +45,7 @@ can connect to ZITADEL as a SAML2 IDP.
4. Download the ZITADEL-used certificate to sign the responses, so that AWS can validation the signature.
You can download the certificate from following
URL: {your_instance_domain}/saml/v2/certificate
URL: \{your_instance_domain}/saml/v2/certificate
5. Then upload the ".crt"-file to AWS and click "next".

2
docs/docs/guides/integrate/services/cloudflare-oidc.mdx
View File

@ -30,7 +30,7 @@ Cloudflare will return an error "User email was not returned. API permissions ar
1. On the Cloudflare dashboard go to Zero Trust, click settings, and then select "Authentication"
2. Add a new login method with the type "OpenID Connect"
3. Fill in the required information. Check the discovery endpoint of your instance (https://{your_domain}/.well-known/openid-configuration) for the urls. As mentioned in the Cloudflare docs the Certificate Url is jwks_uri.
3. Fill in the required information. Check the discovery endpoint of your instance `https://{your_domain}/.well-known/openid-configuration` for the urls. As mentioned in the Cloudflare docs the Certificate Url is jwks_uri.
4. Disable PKCE (Cloudflare requires a client secret for PKCE, which is currently not supported)
5. Add the following claims: "openid", "profile", "email"
6. Test the connection

2
docs/docs/guides/integrate/services/gitlab-saml.md
View File

@ -52,7 +52,7 @@ Check your application, if everything is correct, press "Create".
Complete the configuration as follows:
- `Identity provider single sign-on URL`: $CUSTOM-DOMAIN/saml/v2/SSO
- `Certificate fingerprint`: You need to download the certificate from {your_instance_domain}/saml/v2/certificate and create a SHA1 fingerprint
- `Certificate fingerprint`: You need to download the certificate from \{your_instance_domain}/saml/v2/certificate and create a SHA1 fingerprint
Save the changes.

12
docs/docs/guides/integrate/services/google-workspace.md
View File

@ -68,8 +68,8 @@ Create a new .xml file with the following minimal SAML metadata contents:
Set or replace the variables with the values from the next screen as follows:
- `${ENTITYID}`: google.com/a/<your_domain>
- `${ACSURL}`: https://www.google.com/a/<your_domain>/acs
- `${ENTITYID}`: `google.com/a/<your_domain>`
- `${ACSURL}`: `https://www.google.com/a/<your_domain>/acs`
`<your_domain>` is the domain you have verified in Google Workspace.
@ -103,7 +103,7 @@ Save the settings.
Now you should be all set to verify your setup:
- Open Gmail in an incognito session with the following link: https://mail.google.com/a/<your_domain>
- Open Gmail in an incognito session with the following link: `https://mail.google.com/a/<your_domain>`
- Enter your username and credentials
- You should be redirected to Gmail and logged in
@ -165,8 +165,8 @@ Create a new .xml file with the following minimal SAML metadata contents:
Set or replace the variables with the values from the next screen as follows:
- `${ENTITYID}`: https://accounts.google.com/samlrp/metadata?rpid=<your_value>
- `${ACSURL}`: https://accounts.google.com/samlrp/acs?rpid=<your_value>
- `${ENTITYID}`: `https://accounts.google.com/samlrp/metadata?rpid=<your_value>`
- `${ACSURL}`: `https://accounts.google.com/samlrp/acs?rpid=<your_value>`
Replace `<your_value>` with the values from the [SSO profile](#entity-id-and-acs-url).
@ -200,7 +200,7 @@ Save the settings.
Now you should be all set to verify your setup:
- Open Gmail in an incognito session with the following link: https://mail.google.com/a/<your_domain>
- Open Gmail in an incognito session with the following link: `https://mail.google.com/a/<your_domain>`
- Enter your username and credentials
- You should be redirected to Gmail and logged in

2
docs/docs/guides/integrate/tools/apache2.mdx
View File

@ -40,7 +40,7 @@ With the following parameters
| Parameter | Description | Example value|
|---|---|---|
| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at {your-domain}/.well-known/openid-configuration| https://<your_domain>.zitadel.cloud/.well-known/openid-configuration |
| OIDCProviderMetadataURL | Is the url to the discovery endpoint, which is typically located at `{your-domain}/.well-known/openid-configuration`| `https://<your_domain>.zitadel.cloud/.well-known/openid-configuration` |
| OIDCClientID | Is the ID of the zitadel application. You can find it on the settings page of the application. | 123456789123@apache_test |
| OIDCRedirectURI | Users will be redirected to this page after successful login. If you are using localhost or any other non-https endpoint, make sure to enable development mode in ZITADEL. | https://mysecureapp.io/secure/callback |
| OIDCCryptoPassphrase | Create a secure passphrase. Consult the module's documentation for more details. | ... |

4
docs/docs/guides/manage/console/default-settings.mdx
View File

@ -139,7 +139,7 @@ The Login Policy defines how the login process should look like and which authen
The Default Redirect URI will be used, if a user calls the login page directly.
More specifically, typically a client will initiate login with an auth request.
The auth request contains a client-id and a redirect uri, that must match the configuration in ZITADEL.
If there is no [auth request](https://zitadel.com/docs/apis/openidoauth/authrequest), users will be redirected to the Default Redirect URI, which is by default https://<custom_domain>/ui/console/
If there is no [auth request](https://zitadel.com/docs/apis/openidoauth/authrequest), users will be redirected to the Default Redirect URI, which is by default `https://<custom_domain>/ui/console/`
Reasons why ZITADEL doesn't have a redirect URI:
@ -148,7 +148,7 @@ Reasons why ZITADEL doesn't have a redirect URI:
We recommend setting your own default redirect URI, if you do not want end users to access ZITADEL console.
Change default redirect url of instance: https://<custom_domain>/ui/console/settings?id=login
Change default redirect url of instance: `https://<custom_domain>/ui/console/settings?id=login`
<img
src="/docs//img/guides/solution-scenarios/console-default-redirect.png"

2
docs/docs/guides/manage/console/projects.mdx
View File

@ -18,7 +18,7 @@ You would have to create roles for administration and your clients in this very
## Create a project
To create a project, navigate to your organization, then projects or directly via <https://{your_domain}.zitadel.cloud/ui/console/projects>, and then click the button to create a new project.
To create a project, navigate to your organization, then projects or directly via `https://{your_domain}.zitadel.cloud/ui/console/projects`, and then click the button to create a new project.
<img
alt="Empty Project"

2
docs/docs/guides/manage/customize/restrictions.md
View File

@ -4,7 +4,7 @@ title: Feature Restrictions
New self-hosted and [ZITADEL Cloud instances](https://zitadel.com/signin) are unrestricted by default.
Self-hosters can change this default using the DefaultInstance.Restrictions configuration section.
Users with the role IAM_OWNER can change the restrictions of their instance using the [Feature Restrictions Admin API](/category/apis/resources/admin/feature-restrictions).
Users with the role IAM_OWNER can change the restrictions of their instance using the [Feature Restrictions Admin API](/apis/resources/admin/feature-restrictions).
Currently, the following restrictions are available:
- *Disallow public organization registrations* - If restricted, only users with the role IAM_OWNERS can create new organizations. The endpoint */ui/login/register/org* returns HTTP status 404 on GET requests, and 409 on POST requests.

2
docs/docs/guides/manage/customize/user-metadata.md
View File

@ -232,4 +232,4 @@ The user that calls the management service must have [manager permissions](/docs
A user can be either a human user or a service user.
You can get [metadata of a user filtered by your query](/docs/apis/resources/mgmt/management-service-list-user-metadata) or [get a metadata object from a user by a specific key](/docs/apis/resources/mgmt/management-service-get-user-metadata).
The management service allows you to set and delete metadata, see the [API documentation for users](/docs/category/apis/resources/mgmt/users).
The management service allows you to set and delete metadata, see the [API documentation for users](/docs/apis/resources/mgmt/users).

4
docs/docs/guides/migrate/users.md
View File

@ -220,7 +220,7 @@ Use metadata to store additional attributes of the users, such as organizational
:::info
Metadata must be added to users after the users were created. Currently metadata can't be added during user creation.
[API reference: User Metadata](/docs/category/apis/resources/mgmt/user-metadata)
[API reference: User Metadata](/docs/apis/resources/mgmt/user-metadata)
:::
Request metadata from the userinfo endpoint by passing the required [reserved scope](/docs/apis/openidoauth/scopes#reserved-scopes) in your auth request.
@ -232,5 +232,5 @@ You can assign roles from owned or granted projects to a user.
:::info
Authorizations must be added to users after the users were created. Currently metadata can't be added during user creation.
[API reference: User Authorization / Grants](/docs/category/apis/resources/auth/user-authorizations-grants)
[API reference: User Authorization / Grants](/docs/apis/resources/auth/user-authorizations-grants)
:::

4
docs/docs/legal/policies/privacy-policy.mdx
View File

@ -94,8 +94,8 @@ We use third-party services to provide the website and our offers. An up-to-date
This website uses external payment service providers through whose platforms users and we can make payment transactions. For example via
- Stripe (<https://stripe.com/ch/privacy>)
- Bexio AG (<https://www.bexio.com/de-CH/datenschutz>)
- [Stripe](https://stripe.com/ch/privacy)
- [Bexio AG](https://www.bexio.com/de-CH/datenschutz)
As an alternative, we offer customers the option to pay by invoice instead of using external payment providers. However, this may require a positive credit check in advance.

8
docs/docs/self-hosting/deploy/compose.mdx
View File

@ -18,9 +18,9 @@ The setup is tested against Docker version 20.10.17 and Docker Compose version v
By executing the commands below, you will download the following file:
<details><summary>docker-compose.yaml</summary>
\<details><summary>docker-compose.yaml</summary>
<CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
</details>
\</details>
```bash
# Download the docker compose example configuration.
@ -41,9 +41,9 @@ docker compose up --detach
By executing the commands below, you will download the following file:
<details><summary>docker-compose-sa.yaml</summary>
\<details><summary>docker-compose-sa.yaml</summary>
<CodeBlock language="yaml">{DockerComposeSaSource}</CodeBlock>
</details>
\</details>
```bash
# Download the docker compose example configuration.

20
docs/docs/self-hosting/deploy/loadbalancing-example/loadbalancing-example.mdx
View File

@ -21,21 +21,21 @@ The setup is tested against Docker version 20.10.17 and Docker Compose version v
By executing the commands below, you will download the following files:
<details><summary>docker-compose.yaml</summary>
\<details><summary>docker-compose.yaml</summary>
<CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
</details>
<details><summary>example-traefik.yaml</summary>
\</details>
\<details><summary>example-traefik.yaml</summary>
<CodeBlock language="yaml">{ExampleTraefikSource}</CodeBlock>
</details>
<details><summary>example-zitadel-config.yaml</summary>
\</details>
\<details><summary>example-zitadel-config.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
</details>
<details><summary>example-zitadel-secrets.yaml</summary>
\</details>
\<details><summary>example-zitadel-secrets.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
</details>
<details><summary>example-zitadel-init-steps.yaml</summary>
\</details>
\<details><summary>example-zitadel-init-steps.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
</details>
\</details>
```bash
# Download the docker compose example configuration.

16
docs/docs/self-hosting/manage/configure/_compose.mdx
View File

@ -8,18 +8,18 @@ The docker compose example mounts the example zitadel configuration files to the
By executing the commands below, you will download the following files:
<details><summary>docker-compose.yaml</summary>
\<details><summary>docker-compose.yaml</summary>
<CodeBlock language="yaml">{DockerComposeSource}</CodeBlock>
</details>
<details><summary>example-zitadel-config.yaml</summary>
\</details>
\<details><summary>example-zitadel-config.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
</details>
<details><summary>example-zitadel-secrets.yaml</summary>
\</details>
\<details><summary>example-zitadel-secrets.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
</details>
<details><summary>example-zitadel-init-steps.yaml</summary>
\</details>
\<details><summary>example-zitadel-init-steps.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
</details>
\</details>
```bash
# Download the docker compose example configuration.

8
docs/docs/self-hosting/manage/configure/_helm.mdx
View File

@ -9,12 +9,12 @@ For a secure installation with Docker Compose, [go to the loadbalancing example]
By executing the commands below, you will download the following files:
<details><summary>example-zitadel-values.yaml</summary>
\<details><summary>example-zitadel-values.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELValuesSource}</CodeBlock>
</details>
<details><summary>example-zitadel-values-secrets.yaml</summary>
\</details>
\<details><summary>example-zitadel-values-secrets.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELValuesSecretsSource}</CodeBlock>
</details>
\</details>
```bash
# Download and adjust the example configuration file containing standard configuration

12
docs/docs/self-hosting/manage/configure/_linuxunix.mdx
View File

@ -7,15 +7,15 @@ import ExampleZITADELInitStepsSource from '!!raw-loader!./example-zitadel-init-s
By executing the commands below, you will download the following files:
<details><summary>example-zitadel-config.yaml</summary>
\<details><summary>example-zitadel-config.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELConfigSource}</CodeBlock>
</details>
<details><summary>example-zitadel-secrets.yaml</summary>
\</details>
\<details><summary>example-zitadel-secrets.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELSecretsSource}</CodeBlock>
</details>
<details><summary>example-zitadel-init-steps.yaml</summary>
\</details>
\<details><summary>example-zitadel-init-steps.yaml</summary>
<CodeBlock language="yaml">{ExampleZITADELInitStepsSource}</CodeBlock>
</details>
\</details>
```bash
# Download and adjust the example configuration file containing standard configuration

2
docs/docs/self-hosting/manage/database/database.mdx
View File

@ -19,11 +19,9 @@ import Postgres from './_postgres.mdx'
>
<TabItem value="pg">
<Postgres/>
<More/>
</TabItem>
<TabItem value="crdb">
<Cockroach/>
<More/>
</TabItem>
</Tabs>

1
docs/docs/self-hosting/manage/reverseproxy/httpd/httpd.mdx
View File

@ -5,6 +5,7 @@ sidebar_label: Apache httpd
import ProxyGuideOverview from '../_proxy_guide_overview.mdx';
import ProxyGuideTLSMode from '../_proxy_guide_tls_mode.mdx';
import ProxyGuideMore from '../_proxy_guide_more.mdx';
import Compose from "!!raw-loader!./docker-compose.yaml";
import ConfigDisabled from "!!raw-loader!./httpd-disabled-tls.conf";
import ConfigExternal from "!!raw-loader!./httpd-external-tls.conf";

1
docs/docs/self-hosting/manage/reverseproxy/nginx/nginx.mdx
View File

@ -5,6 +5,7 @@ sidebar_label: NGINX
import ProxyGuideOverview from '../_proxy_guide_overview.mdx';
import ProxyGuideTLSMode from '../_proxy_guide_tls_mode.mdx';
import ProxyGuideMore from '../_proxy_guide_more.mdx';
import Compose from "!!raw-loader!./docker-compose.yaml";
import ConfigDisabled from "!!raw-loader!./nginx-disabled-tls.conf";
import ConfigExternal from "!!raw-loader!./nginx-external-tls.conf";

1
docs/docs/self-hosting/manage/reverseproxy/traefik/traefik.mdx
View File

@ -5,6 +5,7 @@ sidebar_label: Traefik
import ProxyGuideOverview from '../_proxy_guide_overview.mdx';
import ProxyGuideTLSMode from '../_proxy_guide_tls_mode.mdx';
import ProxyGuideMore from '../_proxy_guide_more.mdx';
import Compose from "!!raw-loader!./docker-compose.yaml";
import ConfigDisabled from "!!raw-loader!./traefik-disabled-tls.yaml";
import ConfigExternal from "!!raw-loader!./traefik-external-tls.yaml";

6
docs/docs/self-hosting/manage/usage_control.md
View File

@ -9,7 +9,7 @@ The usage control features are currently limited to the instance level only.
## Block Instances
You can block an instance using the [system API](/category/apis/resources/system/limits).
You can block an instance using the [system API](/apis/resources/system/limits).
Most requests to a blocked instance are rejected with the HTTP status *429 Too Many Requests* or the gRPC status *8 Resource Exhausted*.
However, requests to the [system API](/apis/introduction#system) are still allowed.
@ -55,7 +55,7 @@ DefaultInstance:
AuditLogRetention: # ZITADEL_DEFAULTINSTANCE_LIMITS_AUDITLOGRETENTION
```
You can also set a limit for [a specific virtual instance](/concepts/structure/instance#multiple-virtual-instances) using the [system API](/category/apis/resources/system/limits).
You can also set a limit for [a specific virtual instance](/concepts/structure/instance#multiple-virtual-instances) using the [system API](/apis/resources/system/limits).
## Quotas
@ -85,7 +85,7 @@ Quotas:
MaxBulkSize: 0 # ZITADEL_QUOTAS_EXECUTION_DEBOUNCE_MAXBULKSIZE
```
Once you have activated the quotas feature, you can configure quotas [for your virtual instances](/concepts/structure/instance#multiple-virtual-instances) using the [system API](/category/apis/resources/system/quotas) or the *DefaultInstances.Quotas* section.
Once you have activated the quotas feature, you can configure quotas [for your virtual instances](/concepts/structure/instance#multiple-virtual-instances) using the [system API](/apis/resources/system/quotas) or the *DefaultInstances.Quotas* section.
The following snippets shows the defaults:
```yaml

24
docs/docusaurus.config.js
View File

@ -4,8 +4,9 @@ module.exports = {
trailingSlash: false,
url: "https://zitadel.com",
baseUrl: "/docs",
onBrokenLinks: "throw",
onBrokenMarkdownLinks: "warn",
onBrokenLinks: "warn",
onBrokenAnchors: "warn",
onBrokenMarkdownLinks: "throw",
favicon: "img/favicon.ico",
organizationName: "zitadel",
projectName: "zitadel",
@ -203,6 +204,11 @@ module.exports = {
syntax: 'typescript',
tsx: true,
},
transform: {
react: {
runtime: 'automatic',
},
},
target: 'es2017',
},
module: {
@ -223,7 +229,7 @@ module.exports = {
showLastUpdateTime: true,
editUrl: "https://github.com/zitadel/zitadel/edit/main/docs/",
remarkPlugins: [require("mdx-mermaid")],
docLayoutComponent: "@theme/DocPage",
docItemComponent: '@theme/ApiItem'
},
theme: {
@ -245,6 +251,7 @@ module.exports = {
outputDir: "docs/apis/resources/auth",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
mgmt: {
@ -252,6 +259,7 @@ module.exports = {
outputDir: "docs/apis/resources/mgmt",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
admin: {
@ -259,6 +267,7 @@ module.exports = {
outputDir: "docs/apis/resources/admin",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
system: {
@ -266,6 +275,7 @@ module.exports = {
outputDir: "docs/apis/resources/system",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
user: {
@ -273,6 +283,7 @@ module.exports = {
outputDir: "docs/apis/resources/user_service",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
session: {
@ -280,6 +291,7 @@ module.exports = {
outputDir: "docs/apis/resources/session_service",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
oidc: {
@ -287,6 +299,7 @@ module.exports = {
outputDir: "docs/apis/resources/oidc_service",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
settings: {
@ -294,6 +307,7 @@ module.exports = {
outputDir: "docs/apis/resources/settings_service",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
user_schema: {
@ -301,6 +315,7 @@ module.exports = {
outputDir: "docs/apis/resources/user_schema_service_v3",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
user_v3: {
@ -308,6 +323,7 @@ module.exports = {
outputDir: "docs/apis/resources/user_service_v3",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
action_v3: {
@ -315,6 +331,7 @@ module.exports = {
outputDir: "docs/apis/resources/action_service_v3",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
feature_v2: {
@ -322,6 +339,7 @@ module.exports = {
outputDir: "docs/apis/resources/feature_service_v2",
sidebarOptions: {
groupPathsBy: "tag",
categoryLinkSource: "tag",
},
},
},

38
docs/package.json
View File

@ -5,39 +5,45 @@
"scripts": {
"docusaurus": "docusaurus",
"start": "docusaurus start",
"start:api": "yarn generate && docusaurus start",
"build": "yarn generate && docusaurus build",
"start:api": "yarn run generate && docusaurus start",
"build": "yarn run generate && docusaurus build",
"swizzle": "docusaurus swizzle",
"deploy": "docusaurus deploy",
"clear": "docusaurus clear",
"serve": "docusaurus serve",
"write-translations": "docusaurus write-translations",
"write-heading-ids": "docusaurus write-heading-ids",
"generate": "yarn generate:grpc && yarn generate:apidocs && yarn generate:configdocs",
"generate": "yarn run generate:grpc && yarn run generate:apidocs && yarn run generate:configdocs",
"generate:grpc": "buf generate ../proto",
"generate:apidocs": "docusaurus clean-api-docs all && docusaurus gen-api-docs all",
"generate:configdocs": "cp -r ../cmd/defaults.yaml ./docs/self-hosting/manage/configure/ && cp -r ../cmd/setup/steps.yaml ./docs/self-hosting/manage/configure/"
"generate:apidocs": "docusaurus gen-api-docs all",
"generate:configdocs": "cp -r ../cmd/defaults.yaml ./docs/self-hosting/manage/configure/ && cp -r ../cmd/setup/steps.yaml ./docs/self-hosting/manage/configure/",
"generate:re-gen": "yarn clean-all && yarn gen-all",
"generate:clean-all": "docusaurus clean-api-docs all"
},
"dependencies": {
"@bufbuild/buf": "^1.14.0",
"@docusaurus/core": "2.2.0",
"@docusaurus/preset-classic": "2.2.0",
"@docusaurus/theme-search-algolia": "2.2.0",
"@docusaurus/core": "3.4.0",
"@docusaurus/preset-classic": "3.4.0",
"@docusaurus/theme-mermaid": "3.4.0",
"@docusaurus/theme-search-algolia": "3.4.0",
"@headlessui/react": "^1.7.4",
"@heroicons/react": "^2.0.13",
"@mdx-js/react": "^3.0.0",
"@saucelabs/theme-github-codeblock": "^0.2.3",
"@swc/core": "^1.3.74",
"autoprefixer": "^10.4.13",
"clsx": "^1.2.1",
"docusaurus-plugin-image-zoom": "^1.0.1",
"docusaurus-plugin-openapi-docs": "^1.7.3",
"docusaurus-theme-openapi-docs": "^1.7.3",
"mdx-mermaid": "^1.1.0",
"docusaurus-plugin-openapi-docs": "3.0.0-beta.10",
"docusaurus-theme-openapi-docs": "3.0.0-beta.10",
"mdx-mermaid": "^2.0.0",
"mermaid": "^10.9.1",
"postcss": "^8.4.31",
"prism-react-renderer": "^2.1.0",
"raw-loader": "^4.0.2",
"react": "17.0.2",
"react": "^18.2.0",
"react-copy-to-clipboard": "^5.1.0",
"react-dom": "17.0.2",
"react-dom": "^18.2.0",
"react-player": "^2.15.1",
"sitemap": "7.1.1",
"swc-loader": "^0.2.3",
@ -56,7 +62,9 @@
]
},
"devDependencies": {
"@docusaurus/module-type-aliases": "2.2.0",
"@docusaurus/module-type-aliases": "3.4.0",
"@docusaurus/types": "3.4.0",
"tailwindcss": "^3.2.4"
}
},
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
}

24
docs/sidebars.js
View File

@ -585,7 +585,7 @@ module.exports = {
description:
"The authentication API (aka Auth API) is used for all operations on the currently logged in user. The user id is taken from the sub claim in the token.",
},
items: require("./docs/apis/resources/auth/sidebar.js"),
items: require("./docs/apis/resources/auth/sidebar.ts"),
},
{
type: "category",
@ -597,7 +597,7 @@ module.exports = {
description:
"The management API is as the name states the interface where systems can mutate IAM objects like, organizations, projects, clients, users and so on if they have the necessary access rights. To identify the current organization you can send a header x-zitadel-orgid or if no header is set, the organization of the authenticated user is set.",
},
items: require("./docs/apis/resources/mgmt/sidebar.js"),
items: require("./docs/apis/resources/mgmt/sidebar.ts"),
},
{
type: "category",
@ -609,7 +609,7 @@ module.exports = {
description:
"This API is intended to configure and manage one ZITADEL instance itself.",
},
items: require("./docs/apis/resources/admin/sidebar.js"),
items: require("./docs/apis/resources/admin/sidebar.ts"),
},
{
type: "category",
@ -623,7 +623,7 @@ module.exports = {
"\n" +
"Checkout the guide how to access the ZITADEL System API.",
},
items: require("./docs/apis/resources/system/sidebar.js"),
items: require("./docs/apis/resources/system/sidebar.ts"),
},
],
},
@ -648,7 +648,7 @@ module.exports = {
"\n" +
"This project is in beta state. It can AND will continue breaking until the services provide the same functionality as the current login.",
},
items: require("./docs/apis/resources/user_service/sidebar.js"),
items: require("./docs/apis/resources/user_service/sidebar.ts"),
},
{
type: "category",
@ -662,7 +662,7 @@ module.exports = {
"\n" +
"This project is in beta state. It can AND will continue breaking until the services provide the same functionality as the current login.",
},
items: require("./docs/apis/resources/session_service/sidebar.js"),
items: require("./docs/apis/resources/session_service/sidebar.ts"),
},
{
type: "category",
@ -676,7 +676,7 @@ module.exports = {
"\n" +
"This project is in beta state. It can AND will continue breaking until the services provide the same functionality as the current login.",
},
items: require("./docs/apis/resources/oidc_service/sidebar.js"),
items: require("./docs/apis/resources/oidc_service/sidebar.ts"),
},
{
type: "category",
@ -690,7 +690,7 @@ module.exports = {
"\n" +
"This project is in beta state. It can AND will continue to break until the services provide the same functionality as the current login.",
},
items: require("./docs/apis/resources/settings_service/sidebar.js"),
items: require("./docs/apis/resources/settings_service/sidebar.ts"),
},
{
type: "category",
@ -704,7 +704,7 @@ module.exports = {
"\n" +
"This project is in beta state. It can AND will continue breaking until a stable version is released.",
},
items: require("./docs/apis/resources/feature_service_v2/sidebar.js"),
items: require("./docs/apis/resources/feature_service_v2/sidebar.ts"),
},
],
},
@ -729,7 +729,7 @@ module.exports = {
"\n" +
"This project is in Preview state. It can AND will continue breaking until the service provides the same functionality as the v1 and v2 user services.",
},
items: require("./docs/apis/resources/user_schema_service_v3/sidebar.js"),
items: require("./docs/apis/resources/user_schema_service_v3/sidebar.ts"),
},
{
type: "category",
@ -743,7 +743,7 @@ module.exports = {
"\n" +
"This project is in Preview state. It can AND will continue breaking until the service provides the same functionality as the v1 and v2 user services.",
},
items: require("./docs/apis/resources/user_service_v3/sidebar.js"),
items: require("./docs/apis/resources/user_service_v3/sidebar.ts"),
},
{
type: "category",
@ -757,7 +757,7 @@ module.exports = {
"\n" +
"This project is in Preview state. It can AND will continue breaking until the services provide the same functionality as the current actions.",
},
items: require("./docs/apis/resources/action_service_v3/sidebar.js"),
items: require("./docs/apis/resources/action_service_v3/sidebar.ts"),
},
],
},

1
docs/vercel.json
View File

@ -19,6 +19,7 @@
],
"redirects": [
{ "source": "/", "destination": "/docs" },
{ "source": "/docs/category/apis/:slug*", "destination": "/docs/apis/:slug*", "permanent": true },
{ "source": "/docs/apis/mgmt/:slug*", "destination": "/docs/apis/resources/mgmt/:slug*", "permanent": true },
{ "source": "/docs/apis/auth/:slug*", "destination": "/docs/apis/resources/auth/:slug*", "permanent": true },
{ "source": "/docs/apis/system/:slug*", "destination": "/docs/apis/resources/system/:slug*", "permanent": true },

11404
docs/yarn.lock
View File

File diff suppressed because it is too large Load Diff

3
proto/zitadel/admin.proto
View File

@ -61,6 +61,9 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
{
name: "Failed Events"
},
{
name: "Feature Restrictions"
},
{
name: "General"
},

3
proto/zitadel/auth.proto
View File

@ -48,6 +48,9 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
{
name: "User Authentication Factor"
},
{
name: "User Authorizations/Grants"
},
{
name: "User Email"
},

9
proto/zitadel/system.proto
View File

@ -36,6 +36,15 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
tags: [
{
name: "General"
},
{
name: "Usage Control"
},
{
name: "Limits"
},
{
name: "Quotas"
}
];
schemes: HTTPS;