feat(actions): add token customization flow and extend functionally with modules (#4337)

* fix: potential memory leak

* feat(actions): possibility to parse json
feat(actions): possibility to perform http calls

* add query call

* feat(api): list flow and trigger types
fix(api): switch flow and trigger types to dynamic objects

* fix(translations): add action translations

* use `domain.FlowType`

* localizers

* localization

* trigger types

* options on `query.Action`

* add functions for actions

* feat: management api: add list flow and trigger (#4352)

* console changes

* cleanup

* fix: wrong localization

Co-authored-by: Max Peintner <max@caos.ch>

* id token works

* check if claims not nil

* feat(actions): metadata api

* refactor(actions): modules

* fix: allow prerelease

* fix: test

* feat(actions): deny list for http hosts

* feat(actions): deny list for http hosts

* refactor: actions

* fix: different error ids

* fix: rename statusCode to status

* Actions objects as options (#4418)

* fix: rename statusCode to status

* fix(actions): objects as options

* fix(actions): objects as options

* fix(actions): set fields

* add http client to old actions

* fix(actions): add log module

* fix(actions): add user to context where possible

* fix(actions): add user to ctx in external authorization/pre creation

* fix(actions): query correct flow in claims

* test: actions

* fix(id-generator): panic if no machine id

* tests

* maybe this?

* fix linting

* refactor: improve code

* fix: metadata and usergrant usage in actions

* fix: appendUserGrant

* fix: allowedToFail and timeout in action execution

* fix: allowed to fail in token complement flow

* docs: add action log claim

* Update defaults.yaml

* fix log claim

* remove prerelease build

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Silvan
2022-10-06 14:23:59 +02:00
committed by GitHub
parent bffb10a4b4
commit 43fb3fd1a6
62 changed files with 2806 additions and 636 deletions


@@ -91,9 +91,9 @@ ZITADEL supports only the external authentication flow at the moment.
```ts
{
ProjectID: string,
ProjectGrantID: string,
Roles: Array<string>,
projectID: string,
projectGrantID: string,
roles: Array<string>,
}
```
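Review bot: the rename from `ProjectID`/`ProjectGrantID`/`Roles` to `projectID`/`projectGrantID`/`roles` is a breaking change for existing action scripts that read these fields from the user grant object, and the hunk adds no note about it; state next to the block that the names changed, from which release, and whether the old PascalCase names still resolve.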
@@ -103,4 +103,4 @@ ZITADEL supports only the external authentication flow at the moment.
## Further reading
- [Actions concept](../concepts/features/actions)
- [Actions guide](../guides/manage/customize/behavior)
- [Actions guide](../guides/manage/customize/behavior)
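Review bot: the two `[Actions guide]` lines are byte-identical, so this hunk looks like a trailing-newline-only change; confirm that the rendered list does not end up with a duplicated "Actions guide" entry.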


@@ -39,31 +39,31 @@ Please check below the matrix for an overview where which scope is asserted.
## Standard Claims
| Claims | Example | Description |
|:-------------------|:-----------------------------------------|-----------------------------------------------------------------------------------------------|
| acr | TBA | TBA |
| address | `Teufener Strasse 19, 9000 St. Gallen` | TBA |
| Claims | Example | Description |
|:-------------------|:-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
| acr | TBA | TBA |
| address | `Teufener Strasse 19, 9000 St. Gallen` | TBA |
| amr | `pwd mfa` | Authentication Method References as defined in [RFC8176](https://tools.ietf.org/html/rfc8176) <br/> `password` value is deprecated, please check `pwd` |
| aud | `69234237810729019` | The audience of the token, by default all client id's and the project id are included |
| auth_time | `1311280969` | Unix time of the authentication |
| azp | `69234237810729234` | Client id of the client who requested the token |
| email | `road.runner@acme.ch` | Email Address of the subject |
| email_verified | `true` | Boolean if the email was verified by ZITADEL |
| exp | `1311281970` | Time the token expires (as unix time) |
| family_name | `Runner` | The subjects family name |
| gender | `other` | Gender of the subject |
| given_name | `Road` | Given name of the subject |
| iat | `1311280970` | Time of the token was issued at (as unix time) |
| iss | `{your_domain}` | Issuing domain of a token |
| jti | `69234237813329048` | Unique id of the token |
| locale | `en` | Language from the subject |
| name | `Road Runner` | The subjects full name |
| nbf | `1311280970` | Time the token must not be used before (as unix time) |
| nonce | `blQtVEJHNTF0WHhFQmhqZ0RqeHJsdzdkd2d...` | The nonce provided by the client |
| phone | `+41 79 XXX XX XX` | Phone number provided by the user |
| phone_verified | `true` | Boolean if the phone was verified by ZITADEL |
| preferred_username | `road.runner@acme.caos.ch` | ZITADEL's login name of the user. Consist of `username@primarydomain` |
| sub | `77776025198584418` | Subject ID of the user |
| aud | `69234237810729019` | The audience of the token, by default all client id's and the project id are included |
| auth_time | `1311280969` | Unix time of the authentication |
| azp | `69234237810729234` | Client id of the client who requested the token |
| email | `road.runner@acme.ch` | Email Address of the subject |
| email_verified | `true` | Boolean if the email was verified by ZITADEL |
| exp | `1311281970` | Time the token expires (as unix time) |
| family_name | `Runner` | The subjects family name |
| gender | `other` | Gender of the subject |
| given_name | `Road` | Given name of the subject |
| iat | `1311280970` | Time of the token was issued at (as unix time) |
| iss | `{your_domain}` | Issuing domain of a token |
| jti | `69234237813329048` | Unique id of the token |
| locale | `en` | Language from the subject |
| name | `Road Runner` | The subjects full name |
| nbf | `1311280970` | Time the token must not be used before (as unix time) |
| nonce | `blQtVEJHNTF0WHhFQmhqZ0RqeHJsdzdkd2d...` | The nonce provided by the client |
| phone | `+41 79 XXX XX XX` | Phone number provided by the user |
| phone_verified | `true` | Boolean if the phone was verified by ZITADEL |
| preferred_username | `road.runner@acme.caos.ch` | ZITADEL's login name of the user. Consist of `username@primarydomain` |
| sub | `77776025198584418` | Subject ID of the user |
## Custom Claims
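Review bot: this hunk only widens the Description column, so every row is rewritten without fixing the wording inside it; while the lines are touched anyway, correct `The subjects family name` / `The subjects full name` to `subject's`, `Time of the token was issued at` to `Time the token was issued at`, and `Consist of` to `Consists of`.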
@@ -75,6 +75,7 @@ ZITADEL reserves some claims to assert certain data. Please check out the [reser
| Claims | Example | Description |
|:--------------------------------------------------|:-----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| urn:zitadel:iam:action:{actionname}:log | `{"urn:zitadel:iam:action:appendCustomClaims:log": ["test log", "another test log"]}` | This claim is set during Actions as a log, e.g. if two custom claims with the same keys are set. |
| urn:zitadel:iam:org:domain:primary:{domainname} | `{"urn:zitadel:iam:org:domain:primary": "acme.ch"}` | This claim represents the primary domain of the organization the user belongs to. |
| urn:zitadel:iam:org:project:roles | `{"urn:zitadel:iam:org:project:roles": [ {"user": {"id1": "acme.zitade.ch", "id2": "caos.ch"} } ] }` | When roles are asserted, ZITADEL does this by providing the `id` and `primaryDomain` below the role. This gives you the option to check in which organization a user has the role. |
| urn:zitadel:iam:roles:{rolename} | TBA | TBA |
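Review bot: the description of the new `urn:zitadel:iam:action:{actionname}:log` row does not say what is logged or when the claim is present; since the example shows free-form strings (`"test log"`) that end up in tokens handed to clients, the text should state that the claim carries the messages an action wrote through its log module, that it is only added when something was logged, and which action's name replaces `{actionname}`. The clause `e.g. if two custom claims with the same keys are set` should also say which value wins in that case.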


@@ -66,7 +66,7 @@ ActionStateQuery is always equals
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| type | FlowType | - | |
| type | FlowType | id of the flow type | |
| details | zitadel.v1.ObjectDetails | - | |
| state | FlowState | - | |
| trigger_actions | repeated TriggerAction | - | |
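Review bot: the `type` field keeps the type `FlowType`, which this change turns into a message with `id` and `name`, but its new description reads `id of the flow type`; reword it to something like `the flow type (id and localized name)` so the description matches the structure.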
@@ -74,24 +74,14 @@ ActionStateQuery is always equals
### FlowStateQuery
FlowStateQuery is always equals
### FlowType
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| state | FlowState | - | enum.defined_only: true<br /> |
### FlowTypeQuery
FlowTypeQuery is always equals
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| state | FlowType | - | enum.defined_only: true<br /> |
| id | string | identifier of the type | |
| name | zitadel.v1.LocalizedMessage | key and name of the type | |
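Review bot: the new `FlowType.id` string has an empty Validation cell where the removed enum fields carried `enum.defined_only: true`; document the accepted identifiers (or point to `ListFlowTypes`) and what the server returns for an unknown id, otherwise the generated docs suggest that any string is accepted.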
@@ -102,12 +92,24 @@ FlowTypeQuery is always equals
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| trigger_type | TriggerType | - | |
| trigger_type | TriggerType | id of the trigger type | |
| actions | repeated Action | - | |
### TriggerType
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| id | string | identifier of the type | |
| name | zitadel.v1.LocalizedMessage | key and name of the type | |
## Enums
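Review bot: same mismatch as in the Flow table: `trigger_type` is typed `TriggerType` (a message with `id` and `name`) while its description says `id of the trigger type`; align the description with the message shape.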
@@ -138,18 +140,6 @@ FlowTypeQuery is always equals
### FlowFieldName {#flowfieldname}
| Name | Number | Description |
| ---- | ------ | ----------- |
| FLOW_FIELD_NAME_UNSPECIFIED | 0 | - |
| FLOW_FIELD_NAME_TYPE | 1 | - |
| FLOW_FIELD_NAME_STATE | 2 | - |
### FlowState {#flowstate}
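Review bot: dropping the `FlowFieldName` enum (`FLOW_FIELD_NAME_TYPE`, `FLOW_FIELD_NAME_STATE`) removes values that clients may reference in generated code; list it as a breaking API change in the docs or changelog rather than letting it disappear silently.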
@@ -162,27 +152,3 @@ FlowTypeQuery is always equals
### FlowType {#flowtype}
| Name | Number | Description |
| ---- | ------ | ----------- |
| FLOW_TYPE_UNSPECIFIED | 0 | - |
| FLOW_TYPE_EXTERNAL_AUTHENTICATION | 1 | - |
### TriggerType {#triggertype}
| Name | Number | Description |
| ---- | ------ | ----------- |
| TRIGGER_TYPE_UNSPECIFIED | 0 | - |
| TRIGGER_TYPE_POST_AUTHENTICATION | 1 | - |
| TRIGGER_TYPE_PRE_CREATION | 2 | - |
| TRIGGER_TYPE_POST_CREATION | 3 | - |
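Review bot: removing the `FlowType` and `TriggerType` enums means callers that sent `FLOW_TYPE_EXTERNAL_AUTHENTICATION` (1), `TRIGGER_TYPE_POST_AUTHENTICATION` (1) and so on as numbers now have to send string ids; add a mapping from the old enum numbers to the new ids and a deprecation note so existing integrations can migrate.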


@@ -2956,6 +2956,30 @@ Change JWT identity provider configuration of the organisation
DELETE: /actions/{id}
### ListFlowTypes
> **rpc** ListFlowTypes([ListFlowTypesRequest](#listflowtypesrequest))
[ListFlowTypesResponse](#listflowtypesresponse)
POST: /flows/types/_search
### ListFlowTriggerTypes
> **rpc** ListFlowTriggerTypes([ListFlowTriggerTypesRequest](#listflowtriggertypesrequest))
[ListFlowTriggerTypesResponse](#listflowtriggertypesresponse)
POST: /flows/{type}/triggers/_search
### GetFlow
> **rpc** GetFlow([GetFlowRequest](#getflowrequest))
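Review bot: the two new endpoints (`POST: /flows/types/_search`, `POST: /flows/{type}/triggers/_search`) are documented without the permission required to call them; add it, and note that `{type}` in the second path is the flow type id returned by `ListFlowTypes`.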
@@ -4015,7 +4039,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| type | zitadel.action.v1.FlowType | - | |
| type | string | id of the flow | |
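Review bot: `id of the flow` here versus `id of the flow type` in the other tables of this change; use one wording, and since `type` is now a free string instead of `zitadel.action.v1.FlowType`, say where valid ids come from (`ListFlowTypes`).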
@@ -4774,7 +4798,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| type | zitadel.action.v1.FlowType | - | |
| type | string | id of the flow | |
@@ -5611,6 +5635,45 @@ This is an empty response
### ListFlowTriggerTypesRequest
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| type | string | - | |
### ListFlowTriggerTypesResponse
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| result | repeated zitadel.action.v1.TriggerType | - | |
### ListFlowTypesRequest
### ListFlowTypesResponse
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| result | repeated zitadel.action.v1.FlowType | - | |
### ListGrantedProjectRolesRequest
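Review bot: `ListFlowTriggerTypesRequest.type` has `-` as its description while the same field is described as `id of the flow type` elsewhere in this change; fill it in. `ListFlowTypesRequest` also has neither a field table nor the `This is an empty request` line that the other empty requests in this file carry.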
@@ -7896,8 +7959,8 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| flow_type | zitadel.action.v1.FlowType | - | |
| trigger_type | zitadel.action.v1.TriggerType | - | |
| flow_type | string | id of the flow type | |
| trigger_type | string | id of the trigger type | |
| action_ids | repeated string | - | |